Verizon, Cisco, Microsoft And Others Pull The Plug On Default Encryption In HTTP/2


Recommended Posts

The HTTP/2 standard, the successor to HTTP/1.1, has recently been finalized by the Internet Engineering Task Force (IETF), and now all browsers and servers are free to use it. The HTTP/2 protocol initially started as a Google project called SPDY, which was encrypted by default, and it later entered the standardization process at IETF, so all browsers can start using it.

 

Unfortunately, despite the protocol's initial promise to be encrypted-only, the Open Web Alliance group, formed by companies such as Verizon, Comcast, Cisco, DISH, Microsoft and others, managed to fight against that plan in the last few months of the protocol's standardization process, making encryption optional. (You can learn more about the Open Web Alliance in this InfoWorld article.)

 

This happened despite an almost unanimous consensus of IETF in the fall of 2013 (post-Snowden revelations) that it will try to bring an Internet where everything is encrypted by default (see video below):

 

https://www.youtube.com/watch?v=oV71hhEpQ20

 

Through the lobbying power of the Open Web Alliance group and through well-placed members inside of IETF as co-chairs from companies such as Cisco, and even from agencies such as the NSA, the IETF organization eventually lost consensus for mandating that all HTTP/2 connections be secure by default.

 

The ones who had the most to gain from this are the telecom companies, which have recently started injecting ads into their customers browsing to make some extra revenue, despite already being paid more than reasonably well for their Internet connection services. Some of these companies have backtracked somewhat from doing this, in the sense that their tracking and ad-injection is optional, but still requires an opt-out; meaning, it's enabled by default for all customers.

 

Even if they had backtracked completely due to the recent PR scandals about these issues, the damage to the HTTP/2 protocol is already done, because it's unlikely that there will be an updated version that mandates encryption anytime soon. The previous version of the HTTP protocol came out in 1999, which is 16 years ago.

 

Fortunately, the browsers that have adopted it so far, such as Chrome and Firefox, are only enabling the encrypted version of HTTP/2. In these browsers, there won't be an option to use the HTTP/2 protocol without encryption, at least for now.

 

Despite Microsoft being part of the group that opposed mandatory encryption in HTTP/2, the Internet Explorer (IE) browser that comes with Windows 10 right now only has the encrypted version of HTTP/2 as well. However, Windows 10 is still in preview mode, and we haven't seen Project Spartan yet. So it remains to be seen if Microsoft will keep the encrypted-only HTTP/2 or adopt the plain-text one as well in the final versions of IE browsers. If Microsoft wants IE to be seen as secure as Chrome and Firefox, then hopefully the company will support only the encrypted version of HTTP/2.

 

 

 

http://www.tomshardware.com/news/verizon-cisco-microsoft-http2-encryption,28703.html

When you say "pull the plug", do you mean they no longer fund the project?  I read the entire post you put here but without a clear understanding.  This Net Neutrality topic is very confusing and tricky.  The polititians are being very deceitful about their power-hunger game.

  On 07/03/2015 at 08:02, _Alexander said:

What the ###### does Microsoft have to gain from this? ISPs, everyone knows they are scum of the earth, but MS?

Microsoft fund a lot of controversial stuff but they lie to the public.  In the eyes of the public, they are with the public.  At least that's what they did.  Two-face corporation.

  On 07/03/2015 at 08:09, Torolol said:

probably order for higher up to make the encryption optional, so the big bro could tap you up.

#thanksobama

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Posts

    • Fan Control V227 by Razvan Serea Fan Control is a powerful and versatile portable utility that allows you to monitor, control and customize the fans of your GPU and CPU to keep your machine cool and running smoothly. Fan Control supports a wide range of devices and hardware configurations, giving you complete control over your computer's cooling system. Fan Control backend is mainly based on LibreHardwareMonitor, an open source fork of the original OpenHardwareMonitor. This means that hardware compatiblity is entirely open for anyone to contribute, and doesn't rely on a single developer who may stop caring at some point. Combined with the plugin system, Fan Control is unlocked for many generations of hardware to come. Main features Guided setup process on first launch Save, edit and load multiple profiles Change the theme and color of the application. Multiple temperature sources ( CPU, GPU, motherboard, hard drives... ) Multiple fan curve functions, including a custom graph Mix fan curves or sensor togethers (max, min, average) Low resource usage Advanced tuning with steps, start %, stop %, response time and hysteresis FanControl V227 changelog: Allow decimal with hysteresis values Radeon Pro support through ADLX Fix a bug when cancelling the graph editing dialog Update LibreHardwareMonitorLib Download: FanControl V227 | Installer ~15.0 MB (Open Source) View: Fan Control Homepage | Screenshot Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • Lol tf you are talking about. People are PAYING by using this app exclusively, just indirectly. Do you have any idea how much facebook charges for api access to WhatsApp which has become more or less a monopoly in e-commerce.
    • My kid tried, so I took her to Microcenter and showed her the differences in price as well as storage and specs. We bought a Windows machine. She loves it, and is off to college this fall with her gaming level windows laptop at the price of a Mac that came with a 512GB SSD, and half the RAM.
    • Hasleo Backup Suite Free 5.4.2.1 by Razvan Serea Hasleo Backup Suite Free is a free Windows backup and restore software, which embeds backup, restore and cloning features, it is designed for Windows operating system users and can be used on both Windows PCs and Servers. The backup and restore feature of Hasleo Backup Suite can help you back up and restore the Windows operating systems, disks, partitions and files (folders) to protect the security of your Windows operating system and personal data. The cloning feature of Hasleo Backup Suite can help you migrate Windows to another disk, or easily upgrade a disk to an SSD or a larger capacity disk. System Backup & Restore / Disk/Partition Backup & Restore Backup Windows operating system and boot-related partitions, including user settings, drivers and applications installed in these partitions, which ensures that you can quickly restore your Windows operating system once it crashes. Viruses, power failure, or other unknown reasons may cause data loss, so it is a good habit to regularly back up the drive that stores important files, you can at least recover lost files from the backup image files in the event of a disaster. System Clone / Disk Clone / Partition Clone Migrate the Windows operating system from one disk to another SSD or larger disk without reinstalling Windows, applications and drivers. Clone entire disk to another disk and ensure that the contents of the source disk and the destination disk are exactly the same. Clone a partition completely to the specified location on the current disk or another disk and ensure that the data will not be changed. File Backup & Restore Back up specified files(folders) instead of the entire drive to another location to protect your data, so you can quickly restore files(folders) from the backup image files when needed. Incremental/Differential/Full Backup Different backup modes are supported, you can flexibly choose data protection schemes, which can improve backup performance and save storage space while ensuring data security. Delta Restore Delta restore uses advanced delta detection technology to check the changed blocks on the destination drive and restore only the changed blocks, so it has a faster restore speed than the traditional full restore. Universal Restore This feature can help us restore the Windows operating system to computers with different hardware and ensure that Windows can work normally without any hardware compatibility issues. Hasleo Backup Suite 5.4.2.1 changelog: The program crashes when sending emails Application notifications cannot be displayed in the Windows Notification Center Updated Italian and German translations Fixed other minor bugs Download: Hasleo Backup Suite 5.4.2.1 | 33.9 MB (Freeware) Links: Hasleo Backup Suite Website | Hasleo Backup Suite Guide | Screenshot Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • 99% of Control Panel will be moved to Settings. Then by 2050, 20% of settings will have been moved to the Configuration Menu. I have no issues with Settings as it exists now in Windows 11. Bring everything over and be done with it.
  • Recent Achievements

    • Contributor
      GravityDead went up a rank
      Contributor
    • Week One Done
      BlakeBringer earned a badge
      Week One Done
    • Week One Done
      Helen Shafer earned a badge
      Week One Done
    • First Post
      emptyother earned a badge
      First Post
    • Week One Done
      Crunchy6 earned a badge
      Week One Done
  • Popular Contributors

    1. 1
      +primortal
      660
    2. 2
      ATLien_0
      266
    3. 3
      Michael Scrip
      235
    4. 4
      Steven P.
      164
    5. 5
      +FloatingFatMan
      150
  • Tell a friend

    Love Neowin? Tell a friend!