Verizon, Cisco, Microsoft And Others Pull The Plug On Default Encryption In HTTP/2


Recommended Posts

The HTTP/2 standard, the successor to HTTP/1.1, has recently been finalized by the Internet Engineering Task Force (IETF), and now all browsers and servers are free to use it. The HTTP/2 protocol initially started as a Google project called SPDY, which was encrypted by default, and it later entered the standardization process at IETF, so all browsers can start using it.

 

Unfortunately, despite the protocol's initial promise to be encrypted-only, the Open Web Alliance group, formed by companies such as Verizon, Comcast, Cisco, DISH, Microsoft and others, managed to fight against that plan in the last few months of the protocol's standardization process, making encryption optional. (You can learn more about the Open Web Alliance in this InfoWorld article.)

 

This happened despite an almost unanimous consensus of IETF in the fall of 2013 (post-Snowden revelations) that it will try to bring an Internet where everything is encrypted by default (see video below):

 

https://www.youtube.com/watch?v=oV71hhEpQ20

 

Through the lobbying power of the Open Web Alliance group and through well-placed members inside of IETF as co-chairs from companies such as Cisco, and even from agencies such as the NSA, the IETF organization eventually lost consensus for mandating that all HTTP/2 connections be secure by default.

 

The ones who had the most to gain from this are the telecom companies, which have recently started injecting ads into their customers browsing to make some extra revenue, despite already being paid more than reasonably well for their Internet connection services. Some of these companies have backtracked somewhat from doing this, in the sense that their tracking and ad-injection is optional, but still requires an opt-out; meaning, it's enabled by default for all customers.

 

Even if they had backtracked completely due to the recent PR scandals about these issues, the damage to the HTTP/2 protocol is already done, because it's unlikely that there will be an updated version that mandates encryption anytime soon. The previous version of the HTTP protocol came out in 1999, which is 16 years ago.

 

Fortunately, the browsers that have adopted it so far, such as Chrome and Firefox, are only enabling the encrypted version of HTTP/2. In these browsers, there won't be an option to use the HTTP/2 protocol without encryption, at least for now.

 

Despite Microsoft being part of the group that opposed mandatory encryption in HTTP/2, the Internet Explorer (IE) browser that comes with Windows 10 right now only has the encrypted version of HTTP/2 as well. However, Windows 10 is still in preview mode, and we haven't seen Project Spartan yet. So it remains to be seen if Microsoft will keep the encrypted-only HTTP/2 or adopt the plain-text one as well in the final versions of IE browsers. If Microsoft wants IE to be seen as secure as Chrome and Firefox, then hopefully the company will support only the encrypted version of HTTP/2.

 

 

 

http://www.tomshardware.com/news/verizon-cisco-microsoft-http2-encryption,28703.html

When you say "pull the plug", do you mean they no longer fund the project?  I read the entire post you put here but without a clear understanding.  This Net Neutrality topic is very confusing and tricky.  The polititians are being very deceitful about their power-hunger game.

  On 07/03/2015 at 08:02, _Alexander said:

What the ###### does Microsoft have to gain from this? ISPs, everyone knows they are scum of the earth, but MS?

Microsoft fund a lot of controversial stuff but they lie to the public.  In the eyes of the public, they are with the public.  At least that's what they did.  Two-face corporation.

  On 07/03/2015 at 08:09, Torolol said:

probably order for higher up to make the encryption optional, so the big bro could tap you up.

#thanksobama

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Posts

    • Vivaldi, spiritual fork of the original opera browser, highly configurable 
    • You could have moved her to Apple. Would have been the same ending. For the basic stuff it's fine, I agree.
    • iFixit explains why it is cutting the repairability score of the Nintendo Switch by half by David Uzondu With less than three days till the official release of the Nintendo Switch 2, iFixit just announced it is chopping the original Switch's repairability score clean in half, taking it from an 8 out of 10 all the way down to a 4. Now, the actual console from 2017 has not changed a bit, but iFixit says its way of looking at repair and what is even possible in handheld gaming has come a long way in eight years. The company figured that with the Switch 2 about to drop, people would want a proper way to compare the old with the new. Back when the Switch first came out, it was a weird one to score because it was part console, part handheld. iFixit now feels it has a better handle on things, and since Nintendo itself says most people play the Switch undocked, the device is getting judged harder as a portable machine. The iFixit Repairability Scoring Rubic So, what are the big complaints making iFixit take an axe to the score? Well, that glued-in battery is still incredibly difficult to remove, and the only way to charge the thing is through a port soldered right onto the main circuit board, which is always a recipe for repair nightmares. On top of that, Nintendo has never bothered to sell official replacement parts for the original Switch or even give out official repair guides. You cannot just ignore issues like that when you are talking about how easy something is to fix. Even finding one of the specific types of thermal goop you need for many fixes inside the console has been a pain. And while everyone knows about the Joy-Con drift, iFixit is clear its score does not hit for bad durability, but seeing so many busted joysticks has made how easy they are to fix a bigger deal in its scoring lately. This is not the first time iFixit has had to go back and change a score based on new information or a change in how it sees things, like in 2023 when it cut the iPhone 14's repairability score because Apple started using software to link almost every part to a specific phone, making independent repairs a massive pain even if the phone was physically easier to open. iFixit still gives Nintendo credit for the plug-and-play joysticks (even if they drift), storage you can replace and add to, and an inside layout that is mostly simple. But those good points just do not count for as much when you compare the Switch to what is out there now and how much easier other companies like ASUS with the ROG Ally and Lenovo with the Legion Go, are making repairs. iFixit is hoping Nintendo learned a few things for the Switch 2. Plus, there is a Right to Repair law in New York that kicked in for gadgets made after July 1, 2023. That law might just force Nintendo to sell parts and share repair info for the new console, at least for things like batteries and screens. If Nintendo starts selling parts and guides for the original Switch while people are still buying it, iFixit says it will happily look at the score again.
    • Yes and No... Yesterday there was someone on another forum asking what Linux version he should use for his transition from Windows, based on his graphical/video/3d needs. He got 10 different Linux distros and a handful of GUI's as an answer. Linux for the uninformed is just a hot mess regarding distributions. People are used to one Windows version. Or one Mac. Not having to choose from a pile of... what actually? And yes, Linux Mint would be a great replacement as long as you use the PC for the basics. Anything else will quickly result in frustration and searching on various forums. Linux isn't really the easy replacement for Windows. As I hate to say it, transitioning to a Mac is a way better experience. And I'm not entirely unfamiliar with Linux, having extensively dabbled with Mint and lately with Rocky for my Davinci Resolve experiments. It's still a pain... It really is..
    • Welcome on board!
  • Recent Achievements

    • Week One Done
      Leonard grant earned a badge
      Week One Done
    • One Month Later
      portacnb1 earned a badge
      One Month Later
    • Week One Done
      portacnb1 earned a badge
      Week One Done
    • First Post
      m10d earned a badge
      First Post
    • Conversation Starter
      DarkShrunken earned a badge
      Conversation Starter
  • Popular Contributors

    1. 1
      +primortal
      261
    2. 2
      snowy owl
      158
    3. 3
      +FloatingFatMan
      145
    4. 4
      ATLien_0
      140
    5. 5
      Xenon
      131
  • Tell a friend

    Love Neowin? Tell a friend!