mrbluze writes:
"A modified HTTP protocol is being proposed (the proposal is funded by AT&T) which would allow ISP's to decrypt and re-encrypt traffic as part of day to day functioning in order to save money on bandwidth through caching. The draft document states:
To distinguish between an HTTP2 connection meant to transport "https" URIs resources and an HTTP2 connection meant to transport "http" URIs resource, the draft proposes to 'register a new value in the Application Layer Protocol negotiation (ALPN) Protocol IDs registry specific to signal the usage of HTTP2 to transport "http" URIs resources: h2clr.
The proposal is being criticized by Lauren Weinstein in that it provides a false sense of security to end users who might believe that their communications are actually secure. Can this provide an ISP with an excuse to block or throttle HTTPS traffic?"
(Score: 4, Insightful) by laserfusion on Monday February 24 2014, @02:32PM
I guess the motivation for this is to break net neutrality. They can't sort encrypted data, say "google search" from "google mail", but this new scheme would allow them to do that. So they would be able to throttle those services separately.
Most users already trust the cloud with their unencrypted data, they would probably go along with this too.
(Score: 3, Interesting) by VLM on Monday February 24 2014, @02:42PM
You can already split those by DNS.
More likely for ad insertion. "So... google... we've paid a lot of money for these carrier grade ad insertion units, would be a shame if your advertisements were overwritten by ours... but for a modest payment direct to us, we could ensure your data is protected... we're just businessmen, making sure we get our share...".
In addition to the blindingly obvious logging and sale of personal data. Why should only google get to sell the contents of your gmail?
(Score: 3, Interesting) by dbot on Monday February 24 2014, @02:57PM
Not to mention selling you more ads, and content injection [theglobeandmail.com].