I've been watching this thread for a while. The idea of making it harder without actually expecting the encryption to work seems like an implicit admission of failure. I think the right posture is to make privacy via encryption the default at every level, or perhaps even mandatory, and to expect it to work. Key management has to be seamless and automatic, and the software and hardware have to be trusted. Let's button up the net and protect our communication from prying eyes, whether they be ISPs wanting to charge us for "high value" traffic, governments wanting to gather intelligence, or others. There will still be lots of information that we can't easily protect, e.g. "metadata." I am not worried about that even though that really does disclose a lot of information. People who need anonymity or other strong protection will need to use special services or third parties, just the way they do in real life. This my personal view and does not represent anyone else's. In particular, I am not speaking for ICANN in this note. Steve On Nov 15, 2013, at 11:43 AM, Hannes Tschofenig <hannes.tschofenig@xxxxxxx> wrote: > Yaakov, you have very nicely summarized the strategy: We need to make attacks more expensive. > > Am 15.11.13 14:54, schrieb Yaakov Stein: >>> That aside, just saying "you MUST do TLS with HTTP/2.0" doesn't buy much security in a world >>> where CAs are not trustworthy, people still use RC4/MD5, use woefully short keys for >>> otherwise strong algorithms, browsers have effectively trained people to always click >>> "visit anyway" and so on. >> >> I believe that this proposal was in line with Bruce Schneier's suggestion at the plenary. >> Do anything to make more work for people trying to listen in to everything on the Internet. >> >> For example, put a key at the top of the content and then encrypt using this key. >> This is meaningless from the confidentiality point of view, >> but eats up computational resources and energy for someone trying to vacuum up everything. >> >> Even better - when you don't have anything to transmit, send meaningless supposed encrypted packets. >> If everyone did this their storage costs would skyrocket. >> Even better, send packets with easily broken encryption containing keywords of interest. >> >> Y(J)S >> >