SoylentNews is people
SoylentNews
mrbluze writes:
"A modified HTTP protocol is being proposed (the proposal is funded by AT&T) which would allow ISP's to decrypt and re-encrypt traffic as part of day to day functioning in order to save money on bandwidth through caching. The draft document states:
To distinguish between an HTTP2 connection meant to transport "https" URIs resources and an HTTP2 connection meant to transport "http" URIs resource, the draft proposes to 'register a new value in the Application Layer Protocol negotiation (ALPN) Protocol IDs registry specific to signal the usage of HTTP2 to transport "http" URIs resources: h2clr.
The proposal is being criticized by Lauren Weinstein in that it provides a false sense of security to end users who might believe that their communications are actually secure. Can this provide an ISP with an excuse to block or throttle HTTPS traffic?"
(Score: 0) by Aighearach on Monday February 24 2014, @09:18PM
I agree it is not useful for trust. However, I do see a use. Lots of things get sent over HTTPS so that they are not visible to casual observers, but where there is not anything that needs to be secured. So a medium level of security where the last mile is encrypted but regional caching is effective might be a good idea.
For example, I plug into an untrusted LAN, or connect to unsecured WIFI. I'd actually prefer to use HTTPS for everything in that scenario. But I really don't care if the ISP/NSA know what news articles I browsed; they (presumably) know that anyways, from the service provider data.
Depending how it is implemented (didn't read story) it might be useful in intranets, too.