NNSquad - Network Neutrality Squad

NNSquad Home Page

NNSquad Mailing List Information

 


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ NNSquad ] Addendum re: "Trusted Proxies"


Addendum regarding Trusted Proxies 
(Reference: http://lauren.vortex.com/archive/001076.html)

Since my posting regarding "Trusted Proxies" two days ago, I've seen
some commentary (in at least one case seemingly "angry" commentary!)
suggesting that I was claiming the ability of ISPs to "crack" the
security of existing SSL connections for the "Trusted Proxies" under
discussion.  That was not my assertion.

I didn't try to get into technical details, but obviously we're
assuming that your typical ISP doesn't have the will or ability to
interfere in such a manner with properly implemented traditional SSL.
That's still a significant task even for the powerful intelligence
agencies around the world (we believe at the moment, anyway).

But what the proposal does push is the concept of a kind of half-baked
"fake" security that would be to the benefit of dominant ISPs and
carriers but not to most users -- and there's nothing more dangerous
in this context than *thinking* you're end-to-end secure when you're
really not.

In essence it's a kind of sucker bait. Average users could easily
believe they were "kinda sorta" doing traditional SSL but they really
wouldn't be, 'cause the ISP would have access to their unencrypted
data in the clear. And as the proposal itself suggests, it would take
significant knowledge for users to understand the ramifications of
this -- and most users won't have that knowledge.

It's a confusing and confounding concept -- and an unwise proposal --
that would be nothing but trouble for the Internet community and
should be rejected.

--Lauren--
Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren 
Co-Founder: People For Internet Responsibility: http://www.pfir.org/pfir-info
Founder:
 - Network Neutrality Squad: http://www.nnsquad.org 
 - PRIVACY Forum: http://www.vortex.com/privacy-info
Member: ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
Google+: http://google.com/+LaurenWeinstein 
Twitter: http://twitter.com/laurenweinstein
Tel: +1 (818) 225-2800 / Skype: vortex.com
_______________________________________________
nnsquad mailing list
http://lists.nnsquad.org/mailman/listinfo/nnsquad