On Mon, Jul 21, 2014, at 13:12, Holger Levsen wrote: > Hi Iain, > > On Sonntag, 20. Juli 2014, Iain R. Learmonth wrote: > > The main one is that there are places in the world you just can't use HTTPS > > for legal reasons [...] > > I'm curious, can you name one?
http://en.wikipedia.org/wiki/Restrictions_on_the_import_of_cryptography And http://www.cryptolaw.org/cls2.htm The usual suspects: Belarus, Iran, Saudi Arabia (and I guess North Korea, but the use of crypto is probably OK if you are allowed to use a computer and connect to outside of the world anyway...) But again this should not be a reason to not deploy encryption everywhere. The current problem with HTTPS is that it bundles encryption with authenticity. This needs to be unbundled[1]. My opinion is that even a transparent opportunistic encryption (f.e. like DANE implementation in postfix) would improve the overall state of security. 1. I must admit that I haven't been able to monitor httpbis progress on this topic. Ondrej -- Ondřej Surý <ond...@sury.org> Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/1405949524.7249.143937105.648e1...@webmail.messagingengine.com