Lauren Weinstein is not a happy man, not after the IETF decided to propose for an Internet that would do away with privacy. Since 1970, Lauren has spoken out for Internet responsibility, information privacy and net neutrality. After the Internet Engineering Task Force (IETF) Draft for an Explicit Trusted Proxy in HTTP/2.0″ was published, the gains brought to internet users by SSL (through https connections) are bound to be eroded in the name of network performance. “If you care about Internet security, especially what we call “end-to-end” security free from easy snooping by ISPs, carriers, or other intermediaries, heads up! You’ll want to pay attention to this,” says Weinstein.
The threat of online surveillance has compelled major tech companies to offer strong encryption for the protection of users accessing their services. However, this could all be in vain if the Explicit Trusted Proxy is widely implemented. Telecom companies would strip away the SSL layer that encapsulates user data leaving the ETP as a trusted server to the user. ETP proponents hail the technology as solution to issues of performance.
Is the trade-off between trust and performance worth it? Here’s an excerpt from Weinstein’s blog post:
You see, one of the “problems” with SSL/TLS connections (e.g. https:) — from the standpoint of the dominant carriers anyway — is that the connections are, well, fairly secure from snooping in transit (assuming your implementation is correct … right?)
But some carriers would really like to be able to see that data in the clear — unencrypted. This would allow them to do fancy caching (essentially, saving copies of data at intermediate points) and introduce other “efficiencies” that they can’t do when your data is encrypted from your client to the desired servers (or from servers to client).