Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 17 submissions in the queue.

Pseudo HTTPS Proposed

posted by Dopefish on Monday February 24 2014, @06:00PM   Printer-friendly
from the things-could-get-hairy dept.

mrbluze writes:

"A modified HTTP protocol is being proposed (the proposal is funded by AT&T) which would allow ISP's to decrypt and re-encrypt traffic as part of day to day functioning in order to save money on bandwidth through caching. The draft document states:

To distinguish between an HTTP2 connection meant to transport "https" URIs resources and an HTTP2 connection meant to transport "http" URIs resource, the draft proposes to 'register a new value in the Application Layer Protocol negotiation (ALPN) Protocol IDs registry specific to signal the usage of HTTP2 to transport "http" URIs resources: h2clr.

The proposal is being criticized by Lauren Weinstein in that it provides a false sense of security to end users who might believe that their communications are actually secure. Can this provide an ISP with an excuse to block or throttle HTTPS traffic?"

 
This discussion has been archived. No new comments can be posted.
Pseudo HTTPS Proposed | Log In/Create an Account | Top | 73 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 4, Insightful) by WildWombat on Monday February 24 2014, @07:57PM

    by WildWombat (1428) on Monday February 24 2014, @07:57PM (#6111)

    --"End-to-end HTTPS breaks the Internet and has _always_ broken the internet by preventing caching."

    Bullshit. Not caching every single thing that crosses over the wires does not break the internet. Not everything should or needs to be cached.

    --"Lauren Weinstein is an old net pro and not the kind of person who would support proposals that are meant to hurt your security."

    And RSA isn't the kind of organization that would purposefully weaken their product at the behest of the NSA. Oh, wait, they did. And Weinstein is purposefully pushing a proposal that is obviously and undeniably going to drastically weaken net security, whatever his previous reputation. Anyone want to guess why?

    --"The internet is staggering under the load of unnecessary duplicated information and all of us pay the price of that with slower downloads."

    And more unadulterated bullshit. If you look at what the main loads on the internet are during peak hours there are two major sources: Netflix and Youtube. Thats something like 50% of the bandwidth use during peak hours. These can be cached, in fact, and Netflix will provide computers to do just that if the ISP cooperates. And many other major bandwidth intensive sites already use Akamai or another cdn. The rest of the small scale text and a few pngs net traffic is rather trivial. Not caching the https session between me and my bank doesn't fucking bring the internet to its knees. We need more security on the net, not less, especially not less for bullshit made up reasons.

    So, in short, fuck off you NSA shill.

    Cheers,
    -WW

    Starting Score:    1  point
    Moderation   +2  
       Insightful=1, Underrated=1, Total=2
    Extra 'Insightful' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   4