The IETF now considers “pervasive monitoring” to be an attack. As Snowden points out, one of the more effective ways to combat it is to use encryption everywhere you can, and “opportunistic encryption” keeps on coming up as one way to help that.
I was asked to introduce the session on this topic at the recent STRINT workshop. There was a lot of disagreement both about the terminology to use, as well as back-and-forth on whether it’s a good idea. but progress on opportunistic encryption is being made. I’ll try to set out where we’re at for HTTP below.
read more....http://www.mnot.net/blog/2014/03/17/trying_out_tls_for_http_urls
I was asked to introduce the session on this topic at the recent STRINT workshop. There was a lot of disagreement both about the terminology to use, as well as back-and-forth on whether it’s a good idea. but progress on opportunistic encryption is being made. I’ll try to set out where we’re at for HTTP below.
read more....http://www.mnot.net/blog/2014/03/17/trying_out_tls_for_http_urls