On 12/3/15, Salz, Rich <rs...@akamai.com> wrote:
>> I actually went in thinking that I'd be crushed and concede; imagine my
>> surprise!
>
> The fact that you viewed it as "crushed and concede" implies to me that your
> mind was already made up, and that no description of trade-offs was going to
> sway you. Is that belief unfair to you?

No, I said explicitly the opposite: I expected that you would change my mind because you took the time to think about it, write slides and present it. I'm late to the party, so I had an open mind and was shocked that this was what had convinced anyone at all.

I'm sympathetic to the government pressure angle but I do not believe that because one is afraid, one does better by preemptively capitulating. If Akamai wants to leave their users insecure, I look forward to another CDN offering privacy options. Such choice is missing if that isn't an option and it isn't on as a strong default.

In any case, I await the specific cryptographic details and some of the people in my cryptographic research group (non-Tor) are interested. When it is published, I'll see if it actually helps to solve the problem at hand.

If we can't design a cryptographic scheme to protect SNI, I'd understand fully why we won't have such a protection deployed. If we design it and then we're unhappy about DNS, well, great, one problem down - next up, dnsop works to solve the DNS query privacy problem. There is already work being done there - so I think we're on the way.

All the best,
Jacob

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls