… It must be possible to protect streams and data from wiretapping [ RFC2804 ] [ RFC7258 ]. ---------------------------------------------------------------- F12 The browser must enable verification, given the right circumstances and by use of other trusted communication, that stre…

…F11 It must be possible to protect streams and data from wiretapping [RFC2804] [RFC7258]. ---------------------------------------------------------------- F12 The browser must enable verification, given the right circumstances and by use of other trusted communication, that strea…

… It must be possible to protect streams and data from wiretapping [ RFC2804 ] [ RFC7258 ]. ---------------------------------------------------------------- F12 The browser must enable verification, given the right circumstances and by use of other trusted communication, that stre…

… It must be possible to protect streams and data from wiretapping [ RFC2804 ] [ RFC7258 ]. ---------------------------------------------------------------- F12 The browser must enable verification, given the right circumstances and by use of other trusted communication, that stre…

…tes cannot be obtained and deployed. Given the pervasiveness of eavesdropping [ RFC7258 ], even an encrypted but unauthenticated connection might be better than an unencrypted connection in these scenarios (this is similar to the "better-than- nothing security" approach for IPsec…

…. DNSSEC does not protect the queries from pervasive monitoring as defined in [ RFC7258 ]. Since DNS queries are currently mostly unencrypted, a query to look up a target SMIMEA record could reveal that a user using the (monitored) recursive DNS server is attempting to send encry…

…quires authentication of the server. This mitigates both passive surveillance [ RFC7258 ] and active attacks that attempt to divert DNS traffic to rogue servers (see Section 2.5.1 of [RFC7626] ). DNS over TLS [ RFC7858 ] provides similar protections, while direct UDP- and TCP-bas…

…ring by other actors no matter how benevolent some might consider them to be." [RFC7258] Therefore, the algorithms defined in this document require mechanisms that provide for the privacy of data at the application layer, not simply integrity. 4.1.2. Active Network Attacker An "A…

…tes cannot be obtained and deployed. Given the pervasiveness of eavesdropping [ RFC7258 ], even an encrypted but unauthenticated connection might be better than an unencrypted connection in these scenarios (this is similar to the "better-than- nothing security" approach for IPsec…

…ates cannot be obtained and deployed. Given the pervasiveness of eavesdropping [RFC7258], even an encrypted but unauthenticated connection might be better than an unencrypted connection in these scenarios (this is similar to the "better-than- nothing security" approach for IPsec …

…TLS ] to reduce the chances of pervasive monitoring of their Web applications [ RFC7258 ]. G. Use Cases and Requirements This document attempts to address the Use Cases and Requirements for Installable Web Apps H. Issue summary There are no issues listed in this specification. I.…

…tes cannot be obtained and deployed. Given the pervasiveness of eavesdropping [ RFC7258 ], even an encrypted but unauthenticated connection might be better than an unencrypted connection in these scenarios (this is similar to the "better-than- nothing security" approach for IPsec…

…ciently private; however, these perceptions are evolving due to recent events [ RFC7258 ]. Other work that has offered the potential to encrypt between DNS clients and servers includes DNSCurve [ DNSCurve ], DNSCrypt DNSCRYPT-WEBSITE ], Confidential DNS [ CONFIDENTIAL-DNS ], and …

…ficantly more effort). The IETF’s "Pervasive Monitoring Is an Attack" document [RFC7258] is useful reading, outlining some of the impacts on privacy that this assumption entails. Governments aren’t the only concern; your local coffee shop is likely to be gathering information on …

…cessed seems innocuous. Finally, widespread attacks like Pervasive Monitoring [ RFC7258 ] further erode users' trust in the Web -- whether they be activists, businesses or ordinary citizens. This leads us to a conclusion that server authentication and integrity are baseline requi…