SoylentNews

Pseudo HTTPS Proposed

posted by Dopefish on Monday February 24 2014, @06:00PM   
from the things-could-get-hairy dept.

mrbluze writes:

"A modified HTTP protocol is being proposed (the proposal is funded by AT&T) which would allow ISP's to decrypt and re-encrypt traffic as part of day to day functioning in order to save money on bandwidth through caching. The draft document states:

To distinguish between an HTTP2 connection meant to transport "https" URIs resources and an HTTP2 connection meant to transport "http" URIs resource, the draft proposes to 'register a new value in the Application Layer Protocol negotiation (ALPN) Protocol IDs registry specific to signal the usage of HTTP2 to transport "http" URIs resources: h2clr.

The proposal is being criticized by Lauren Weinstein in that it provides a false sense of security to end users who might believe that their communications are actually secure. Can this provide an ISP with an excuse to block or throttle HTTPS traffic?"

• In defense of Lauren Weinstein (Score: 5, Informative) by Sir Garlon on Monday February 24 2014, @06:32PM

  by Sir Garlon (1264) on Monday February 24 2014, @06:32PM (#6032)

  Lauren Weinstein is an old net pro and not the kind of person who would support proposals that are meant to hurt your security.

  Lauren Weinstein is a *critic* of the draft [ietf.org], not a supporter of it. Look at the list of authors: "Weinstein" is not there. Probably you just read TFA too quickly, but invoking Weinstein's name to support this proposal is like invoking Rush Limbaugh's name to support Obamacare.

  --
  [Sir Garlon] is the marvellest knight that is now living, for he destroyeth many good knights, for he goeth invisible.

  Parent

  Starting Score:	1		point
  Moderation		+4
  Informative=4, Total=4
  Extra 'Informative' Modifier		0
  Karma-Bonus Modifier		+1
  Total Score:		5