{"id":186343,"date":"2014-02-23T21:11:00","date_gmt":"2014-02-24T02:11:00","guid":{"rendered":"https:\/\/www.panix.com\/~msaroff\/40years\/2014\/02\/23\/why-do-i-see-the-nsa-behind-this-sh\/"},"modified":"2014-02-23T21:11:00","modified_gmt":"2014-02-24T02:11:00","slug":"why-do-i-see-the-nsa-behind-this-sh","status":"publish","type":"post","link":"https:\/\/www.panix.com\/~msaroff\/40years\/2014\/02\/23\/why-do-i-see-the-nsa-behind-this-sh\/","title":{"rendered":"Why Do I See the NSA Behind This Sh%$?"},"content":{"rendered":"<p>An Internet Draft submitted to the Internet Engineering Task Force proposes a way to speed up encrypted connections that <a href=\"http:\/\/www.theregister.co.uk\/2014\/02\/24\/saving_private_spying_cryptobusting_proxy_proposal_surfaces_at_ietf\/\">works by removing the encryption for part of the journey<\/a>: an ISP-run proxy would decrypt the traffic, cache or otherwise process it, and re-encrypt it toward its destination. Rather unsurprisingly, it looks like a way to allow the NSA, FBI, etc. to crawl up your ass into your encrypted data:<\/p>\n<blockquote><p><span style=\"color: blue;\">A draft put forward at the Internet Engineering Task Force has drawn the ire of prominent privacy activist Lauren Weinstein as \u201cone of the most alarming Internet proposals\u201d he&#8217;s ever seen.<\/span><\/p>\n<p><span style=\"color: blue;\">The document that&#8217;s upset Weinstein is <a href=\"http:\/\/tools.ietf.org\/html\/draft-loreto-httpbis-trusted-proxy20-01#page-5\">this<\/a> one, out of the HTTPBis Working Group and posted as an Internet Draft on 14 February 2014.<\/span><br \/><span style=\"color: blue;\"><br \/><\/span> <span style=\"color: blue;\">Entitled <i>Explicit Trusted Proxy in HTTP\/2.0<\/i>, the standard proposes a mechanism by which an upstream provider \u2013 say an ISP \u2013 could get permission to <strike>snoop on<\/strike> decrypt user traffic for the purposes of caching.<\/span><br \/><span style=\"color: blue;\"><br \/><\/span> <span style=\"color: blue;\">Using proxies to cache traffic in the service provider network is unremarkable and uncontroversial: 
it&#8217;s been normal practice for a long time. The end user benefit is better performance; the service provider benefit is a reduction in traffic over their upstream transit network links.<\/span><br \/><span style=\"color: blue;\"><br \/><\/span> <span style=\"color: blue;\">From that point of view, encryption is a pain in the neck: the service provider can&#8217;t see into the encrypted traffic, which reduces the effectiveness of its caching strategy.<\/span><br \/><span style=\"color: blue;\"><br \/><\/span> <span style=\"color: blue;\">The Internet Draft has this to say:<\/span><\/p>\n<blockquote><p><span style=\"color: blue;\">\u201cTo distinguish between an HTTP2 connection meant to transport &#8220;https&#8221; URIs resources and an HTTP2 connection meant to transport &#8220;http&#8221; URIs resource, the draft proposes to &#8216;register a new value in the Application Layer Protocol negotiation (ALPN) Protocol IDs registry specific to signal the usage of HTTP2 to transport &#8220;http&#8221; URIs resources: h2clr.&#8217;\u201d<\/span><\/p><\/blockquote>\n<p><span style=\"color: blue;\">In essence, to try and protect their ability to cache, the authors of the standard propose that providers seek their customers&#8217; permission to decrypt their traffic (solely for the purposes of offering a better customer experience, naturally).<\/span><br \/><span style=\"color: blue;\"><br \/><\/span> <span style=\"color: blue;\">For some reason, Weinstein finds this proposal outrageous: \u201cThe proposal expects Internet users to provide &#8216;informed consent&#8217; that they &#8216;trust&#8217; intermediate sites (e.g. Verizon, AT&amp;T, etc.) 
to decode their encrypted data, process it in some manner for &#8216;presumably&#8217; innocent purposes, re-encrypt it, then pass the re-encrypted data along to its original destination,\u201d he writes.<\/span><\/p><\/blockquote>\n<p>Considering that AT&amp;T proposed this, and that AT&amp;T&#8217;s record vis-\u00e0-vis illegal surveillance is pretty horrific, I do not see this as a positive proposal.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>An Internet Draft submitted to the Internet Engineering Task Force proposes a way to speed up encrypted connections that works by removing the encryption for part of the journey: an ISP-run proxy would decrypt the traffic, cache or otherwise process it, and re-encrypt it toward its destination. Rather unsurprisingly, it looks like a way to allow the NSA, FBI, etc. to crawl up your ass into your encrypted data: A draft put forward at the Internet Engineering Task &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[970,969,997,1041,1196,1025],"tags":[],"class_list":["post-186343","post","type-post","status-publish","format-standard","hentry","category-corruption","category-evil","category-internet","category-law-enforcement-misconduct","category-privatization","category-technology"],"_links":{"self":[{"href":"https:\/\/www.panix.com\/~msaroff\/40years\/wp-json\/wp\/v2\/posts\/186343"}],"collection":[{"href":"https:\/\/www.panix.com\/~msaroff\/40years\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.panix.com\/~msaroff\/40years\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.panix.com\/~msaroff\/40years\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.panix.com\/~msaroff\/40years\/wp-json\/wp\/v2\/comments?post=186343"}],"version-history":[{"count":0,"href":"https:\/\/www.panix.com\/~msaroff\/40years\/wp-json\/wp\/v2\/posts\/186343\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.panix.com\/~msaroff\/40years\/wp-json\/wp\/v2\/media?parent=18
6343"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.panix.com\/~msaroff\/40years\/wp-json\/wp\/v2\/categories?post=186343"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.panix.com\/~msaroff\/40years\/wp-json\/wp\/v2\/tags?post=186343"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
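The quoted draft text proposes a new ALPN protocol ID, "h2clr", so that a proxy can tell an HTTP/2 connection carrying "http" URIs from one carrying "https" URIs. The point a practitioner should take from that: the client's ALPN list is sent in the TLS ClientHello, which TLS does not encrypt, so the "please proxy me" signal is readable by any on-path device, including a defender's monitor. The script below is an added example, not code from the blog post, The Register, or the draft's authors. It builds a constructed ClientHello (the host names "example.com"/"example.org", the fixed random bytes and the single cipher suite are arbitrary test values), parses SNI and ALPN back out of it, and scans a small constructed "capture" for clients that offer "h2clr", skipping records that are not ClientHellos instead of aborting.

```python
"""Parse SNI and ALPN from TLS ClientHello records and flag "h2clr" offers.

Added example (not from the post, The Register, or the Internet Draft).
Input records are constructed in-script; nothing here touches the network.
"""
import struct

EXT_SERVER_NAME = 0   # RFC 6066 server_name extension
EXT_ALPN = 16         # RFC 7301 application_layer_protocol_negotiation


def build_client_hello(server_name, alpn):
    """Build a minimal TLS 1.2 ClientHello record (constructed test input)."""
    name = server_name.encode("ascii")
    sni_entry = b"\x00" + struct.pack("!H", len(name)) + name   # host_name
    sni_ext = struct.pack("!H", len(sni_entry)) + sni_entry
    alpn_list = b"".join(bytes([len(p)]) + p.encode("ascii") for p in alpn)
    alpn_ext = struct.pack("!H", len(alpn_list)) + alpn_list
    exts = (struct.pack("!HH", EXT_SERVER_NAME, len(sni_ext)) + sni_ext
            + struct.pack("!HH", EXT_ALPN, len(alpn_ext)) + alpn_ext)
    body = (b"\x03\x03"                           # client_version: TLS 1.2
            + b"\x11" * 32                        # random (fixed for the demo)
            + b"\x00"                             # empty session_id
            + struct.pack("!H", 2) + b"\xc0\x2f"  # one cipher suite
            + b"\x01\x00"                         # compression: null only
            + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body  # client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def _parse_sni(data):
    list_len, pos = struct.unpack("!H", data[:2])[0], 2
    while pos + 3 <= 2 + list_len:
        name_type = data[pos]
        name_len = struct.unpack("!H", data[pos + 1:pos + 3])[0]
        name = data[pos + 3:pos + 3 + name_len]
        pos += 3 + name_len
        if name_type == 0:                        # host_name entry
            return name.decode("ascii", "replace")
    return None


def _parse_alpn(data):
    list_len, pos, names = struct.unpack("!H", data[:2])[0], 2, []
    while pos < 2 + list_len:
        n = data[pos]
        names.append(data[pos + 1:pos + 1 + n].decode("ascii", "replace"))
        pos += 1 + n
    return names


def parse_client_hello(record):
    """Return {"sni": str or None, "alpn": [str]} for one ClientHello record.
    Raises ValueError for anything that is not a well-formed ClientHello."""
    if len(record) < 5 or record[0] != 0x16:      # content type: handshake
        raise ValueError("not a TLS handshake record")
    hs = record[5:5 + struct.unpack("!H", record[3:5])[0]]
    if len(hs) < 4 or hs[0] != 0x01:              # HandshakeType client_hello
        raise ValueError("not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    if len(body) != int.from_bytes(hs[1:4], "big"):
        raise ValueError("truncated ClientHello")
    result = {"sni": None, "alpn": []}
    try:
        pos = 2 + 32                              # skip version and random
        pos += 1 + body[pos]                      # session_id
        pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]   # cipher_suites
        pos += 1 + body[pos]                      # compression_methods
        if pos + 2 > len(body):
            return result                         # no extensions block at all
        end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        if end > len(body):
            raise ValueError("extensions overrun ClientHello")
        while pos + 4 <= end:                     # each extension: type, len, data
            etype, elen = struct.unpack("!HH", body[pos:pos + 4])
            data = body[pos + 4:pos + 4 + elen]
            if len(data) != elen:
                raise ValueError("truncated extension")
            pos += 4 + elen
            if etype == EXT_SERVER_NAME:
                result["sni"] = _parse_sni(data)
            elif etype == EXT_ALPN:
                result["alpn"] = _parse_alpn(data)
    except (IndexError, struct.error) as exc:
        raise ValueError("malformed ClientHello") from exc
    return result


def find_proxyable_clients(records):
    """Return the SNI of every captured client that offers "h2clr", i.e. that
    signals an explicit proxy may handle its HTTP/2 connection. Records that
    are not ClientHellos (application data, garbage) are skipped."""
    hits = []
    for rec in records:
        try:
            info = parse_client_hello(rec)
        except ValueError:
            continue
        if "h2clr" in info["alpn"]:
            hits.append(info["sni"])
    return hits


if __name__ == "__main__":
    captured = [build_client_hello("example.com", ["h2clr", "h2"]),
                b"\x17\x03\x03\x00\x01\x00",      # application data record
                build_client_hello("example.org", ["h2", "http/1.1"])]
    print(find_proxyable_clients(captured))       # only example.com offers h2clr
```

Because the same bytes are what an ISP proxy would key on, a site that wants no intermediary in the path should simply never advertise the opt-in identifier; the parser also shows that an observer learns the destination host (SNI) and the client's protocol preferences before any key exchange completes.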