On Mon, Jun 6, 2016 at 7:21 AM, Ted Lemon <mel...@fugue.com> wrote:

> I've posted a new document to the datatracker that adds some TLS alert
> codes that can be sent to indicate that a particular TLS request has been
> blocked by the network. This attempts to address the problem of notifying
> the user of what went wrong when a site is blocked, without creating a
> channel that can be used by a hostile network to attack a user.
>

This is a bad idea in general, and we shouldn't do things like this.

Standardizing and implementing things like this signals, politically, that we accept and even encourage censorship like we see in China and many other places already in the world. That, on its own, makes this a non-starter.

The inconvenience, confusion, and unreliability of current methods of (not) notifying the user about the filtering is a strong disincentive towards people thinking about deploying filtering that is abusive. Perhaps there is some kind of filtering that isn't abusive, but IMO the gain from improving that doesn't outweigh any loss, politically or otherwise, from intentionally or unintentionally supporting the abusive filtering.

Cheers,
Brian
--
https://briansmith.org/

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls