undefined | Better HN

0 pointsEtherealMind11y ago0 comments

Certain corporate companies formed a consortium to prevent encryption to ensure that monetisation of personal information would continue.

At the very last stage, the IETF appeared to be hijacked by very large telcos (e.g. ATT, Verizon, Ericsson, Comcast) to remove the mandatory requirement for TLS

As an outsider, this look likes a careful co-ordinated attack on the IETF standards process by a small number of "serial IETF professionals" who are paid by the big carriers to be inside the organisation and ensure that standards do the bidding of corporate masters. (some hyperbole there)

Waiting until the last phase restricted discussion, and used the existing momentum to complete HTTP2 standard while removing one of the fundamental reasons for HTTP2 to exist.

It is a very sad day that consumer rights have been compromised by big money. And as the Lenovo Superfish debacle showed, likely it will backfire in the long run.

Here is the consortium: http://www.atis.org/openweballiance/about.asp

Here is an summary I wrote about this topic: http://etherealmind.com/response-open-web-alliance-lobbies-i...

0 comments

2 comments · 2 top-level

grey-area11y ago

Thankfully the browser and server vendors can do an end-run round this by simply not supporting http2 without encryption. Then no matter what the standard says ordinary users will be protected and it'll be one more reason for sites to move to https everywhere. The article discusses this in TLS mandatory in effect

higherpurpose11y ago

Not just corporations, NSA, too:

http://arstechnica.com/security/2014/01/nsa-employee-will-co...

j / k navigate · click thread line to collapse