
posted by Dopefish on Monday February 24 2014, @02:00PM
from the things-could-get-hairy dept.

mrbluze writes:

"A modified HTTP protocol is being proposed (the proposal is funded by AT&T) which would allow ISPs to decrypt and re-encrypt traffic as part of day-to-day functioning in order to save money on bandwidth through caching. The draft document states:

To distinguish between an HTTP2 connection meant to transport "https" URIs resources and an HTTP2 connection meant to transport "http" URIs resource, the draft proposes to 'register a new value in the Application Layer Protocol negotiation (ALPN) Protocol IDs registry specific to signal the usage of HTTP2 to transport "http" URIs resources: h2clr.

The proposal is being criticized by Lauren Weinstein in that it provides a false sense of security to end users who might believe that their communications are actually secure. Can this provide an ISP with an excuse to block or throttle HTTPS traffic?"
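
An added example, not part of the submission or of the draft: the proposed "h2clr" value would travel in the TLS ALPN extension, so a monitoring tool can see whether a client offers it by decoding that extension's ProtocolNameList (layout per RFC 7301). The function names and sample offers below are hypothetical and constructed for illustration.

```python
import struct

H2CLR = "h2clr"  # ALPN ID the draft proposes for "http" URIs over HTTP2

def build_alpn(protocols):
    """Encode an ALPN ProtocolNameList (used here only to construct samples)."""
    body = b"".join(bytes([len(p)]) + p.encode("ascii") for p in protocols)
    return struct.pack("!H", len(body)) + body

def parse_alpn(ext_data):
    """Decode ALPN extension_data into protocol names, rejecting malformed input."""
    if len(ext_data) < 2:
        raise ValueError("truncated ProtocolNameList")
    (total,) = struct.unpack("!H", ext_data[:2])
    body = ext_data[2:]
    if total != len(body):
        raise ValueError("list length does not match payload")
    names, i = [], 0
    while i < len(body):
        n = body[i]          # one-byte length prefix of the next name
        i += 1
        if n == 0 or i + n > len(body):
            raise ValueError("bad protocol name length")
        names.append(body[i:i + n].decode("ascii", errors="replace"))
        i += n
    return names

def audit_offer(ext_data):
    """Report which HTTP2 identifiers a client offered."""
    names = parse_alpn(ext_data)
    return {
        "offered": names,
        "offers_h2clr": H2CLR in names,
        "offers_h2": "h2" in names,
    }

# Constructed sample offers, not captured traffic.
SAMPLES = {
    "https-only client": build_alpn(["h2", "http/1.1"]),
    "client that also offers h2clr": build_alpn(["h2", "h2clr", "http/1.1"]),
}

if __name__ == "__main__":
    for label, data in SAMPLES.items():
        print(label, audit_offer(data))
```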

 
  • (Score: 5, Insightful) by frojack (1554) on Monday February 24 2014, @02:15PM (#6015)

    This ship has sailed.

    We are not going to trust AT&T or any ISP to decrypt our stuff any more. Fool us once, shame on you. Fool us twice, shame on us.

    ISPs and network providers: Your job is to build bandwidth with the obscene profits we have handed you over the years. Your job is NOT to find ways to prevent having to fetch a few more bits. Do your job. Build the networks. Carry the data.

    Turning everything over to the NSA is precisely why we want HTTPS everywhere. You proved you couldn't be trusted. Now STFU, lay the fiber, build the network, or get out of the way.

    --
    Discussion should abhor vacuity, as space does a vacuum.
  • (Score: 5, Insightful) by Sir Garlon (1264) on Monday February 24 2014, @02:47PM (#6047)

    "Now STFU, lay the fiber, build the network, or get out of the way."

    Unfortunately there is no competition in the US broadband market, because local governments have signed exclusive deals with the big ISPs. So there is no incentive for Comcast or Verizon to give a damn what we want. Not too many people are going to cancel their Internet access just because Verizon is throttling Netflix. Pro-industry regulation got us into this mess, and I think only pro-consumer regulation can get us out.

    --
    [Sir Garlon] is the marvellest knight who is now living, for he destroyeth many good knights, for he goeth invisible.
    • (Score: 2, Insightful) by hash14 (1102) on Monday February 24 2014, @10:12PM (#6331)

      There is no such thing as pro-consumer anything in the US Congress. Once the Supreme Court legalized bribery, any hope of a government that's not thoroughly sworn to monetary interests became far beyond possibility. And it doesn't help that half of the American voting public thinks Jesus walked with dinosaurs.

      The local governments did totally screw themselves when they signed those exclusive agreements. What needs to happen is for a few high profile cases where the municipality pays for the infrastructure and lends it out to the service providers. A few cities are already doing this in fact. Then hopefully it will catch steam and others will follow suit. Of course, this doesn't stop the Federal government from doing other favors to their members, but at least not all governments will be their slaves, and hopefully the population will drift to those locations which are better served, making it harder for ISPs to control people.

  • (Score: 3, Insightful) by Grishnakh (2831) on Monday February 24 2014, @04:34PM (#6147)

    "ISPs and network providers: Your job is to build bandwidth with the obscene profits we have handed you over the years. Your job is NOT to find ways to prevent having to fetch a few more bits. Do your job. Build the networks. Carry the data."
    "Turning everything over to the NSA is precisely why we want HTTPS everywhere. You proved you couldn't be trusted. Now STFU, lay the fiber, build the network, or get out of the way."

    "frojack" and other idiots who sympathize with him: We're going to keep the obscene profits you gave us, and we're going to pay your government representatives for even more laws which favor us and guarantee us more obscene profits, so our CEOs can buy giant yachts. We're going to do the absolute minimum with regards to building networks, because we don't give a shit if your Netflix streams are unwatchable because of excessive packet dropping, since you should be paying us handsomely to use our shitty video-on-demand services instead. On top of all that, we're going to give the NSA access to anything they want.

    Don't like it? Too bad, chump! What are you going to do about it, switch to a competing ISP? Bwahahahahaha! Now STFU and pay our exorbitant bill to you for our shitty services.

    - ISPs and network providers

    • (Score: 1) by DECbot (832) on Tuesday February 25 2014, @12:22AM (#6386)

      Ack! You found us here! We built a whole new site to get away from your money-grubbing hands.
      Is there no place sacred?

      --
      • cats~$ sudo su
      • cats~# chown -R us /home/base
  • (Score: 0) by Aighearach (2621) on Monday February 24 2014, @05:18PM (#6191)

    I agree it is not useful for trust. However, I do see a use. Lots of things get sent over HTTPS so that they are not visible to casual observers, but where there is not anything that needs to be secured. So a medium level of security where the last mile is encrypted but regional caching is effective might be a good idea.

    For example, I plug into an untrusted LAN, or connect to unsecured WIFI. I'd actually prefer to use HTTPS for everything in that scenario. But I really don't care if the ISP/NSA know what news articles I browsed; they (presumably) know that anyways, from the service provider data.

    Depending how it is implemented (didn't read story) it might be useful in intranets, too.