Re: Last Call: <draft-farrell-perpass-attack-02.txt> (Pervasive Monitoring is an Attack) to Best Current Practice

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,

> <tp>
> 
> And that is another example of the use of encryption that I think
> may be abusive.
> 
> Increasingly, I find that when I access a website, of some leisure
> interest, an https:// tunnel has been set up to Google, Facebook,
> Twitter or some such, which makes me think that they are acquiring
> personal information about me, information which I cannot see,
> perhaps for use in a way I will not approve of.  It is like phishing,
> only
> different.

The HTTPS tunnel originates from your own machine. You can see what's
going into the tunnel if you want. HTTPS is about securing the
transport, not the endpoints.

> And there seems to be no way of stopping it (short of a router ACL to
> prevent access to Google).

It's well-known that Facebook "Like" buttons and things like that
communicate home before being used for anything. If they'd do it
unencryptedly, they'd still do it. The encryption doesn't change their
desired behaviour, only the way their payload is transported.

By encrypting, at the very least your personal data leaks to Google etc.
alone. (*) If they'd send it unencryptedly, everyone on the IP path,
such as a perpass attacker, *also* learns about your personal data.

So: encryption does something good even in the scenario you describe.

Greetings,

Stefan Winter

> Tom Petch
> 
> </tp>
> 
> 
> What I don't feel good about is perpass-attack, which is going to
> be at best ignored, or wildly misinterpreted and misused by its intended
> audience. It's primarily a kneejerk reaction to news events to assuage
> the consciences of IETF insiders.
> 
> also, do we get drafts through last call by simply now announcing in
> the draft that it has been through last call? That does make things
> easier. Must start writing 'this RFC' in drafts, which will help that
> benighted state come to pass.
> 
> Lloyd Wood
> http://sat-net.com/L.Wood/
> 
> 


-- 
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66

Attachment: 0x8A39DC66.asc
Description: application/pgp-keys

Attachment: signature.asc
Description: OpenPGP digital signature

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]