On Thu 2018-11-08 18:31:28 -0800, Ryan Carboni wrote:
> Encrypting common knowledge is cargo cult fetishism for cryptography. The
> files could be sent unencrypted, and protected using subresource integrity.
> If you are sharing the same data to multiple second parties to serve to a
> single third party, the value of encryption is less than zero.
I agree that the widespread move to CDNs makes those CDNs a point of
vulnerability and potential compromise.
But from a harm reduction point of view, encrypting data that transits a
CDN does protect that traffic from surveillance by non-CDN network-based
adversaries.
There is more research and development work to be done to make that
protection even more robust: anti-traffic analysis work, for example.
But simply reverting to cleartext would be a mistake.
Ryan, your posts in this thread suggest an understandable frustration
with cryptographic deployment on the public Internet, and perhaps an
even more understandable frustration with cryptographic *deprecation* on
the public Internet. However, the web suffers from the same two
problems as much of the public Internet: the curse of the deployed base,
and a small but non-negligible fraction of confused, interfering
middleboxes.
I love proposals that happily ignore these problems, because they tend
to be elegant, and more often correct than janky old stuff! But, if we
want our protocol designs to actually eventually replace old, worse
protocol designs, we need to look at deployment/upgrade/deprecation
paths, which involves a *lot* of ugliness -- the main job of the TLS WG,
afaict. Otherwise, our beautiful new designs will get rolled out, and
will simply co-exist alongside the old brokenness :/
--dkg
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
