Time For X-No-Wiretap HTTP Header? 202
Freshly Exhumed writes "A security blogger, acknowledging that the NSA methodically ranks communications on the basis of their 'foreignness' factor to determine candidacy for prolonged retention proposes, is proposing '...an opportunity for us on the civilian front to aid the NSA by voluntarily indicating citizenship on all our networked communications. Here, we define the syntax and semantics of X-No-Wiretap, a HTTP header-based mechanism for indicating and proving citizenship to well-intentioned man-in-the-middle parties. It is inspired by the enormously successful RFC 3514 IPv4 Security Flag and HTTP DNT header.'"
Asking them nicely will stop help? (Score:3, Funny)
The only way we are going to solve this NSA mess is to clean house...and the senate...
Dangerous Crypto mistake - my testing results (Score:4, Funny)
When I saw that this proposal "deprecates all the SSL/TLS ciphers in favor of Double CAESAR’13" (a.k.a. ROT-13) I knew it was going to be great. BTW, a big shoutout to my friends over in the Caesarian section! Okay, so I needed to run some sandboxed tests first. After using Double ROT-13 everything was going perfectly, according to the spec, but I decided to gamble on TRIPLE ROT-13. Big mistake. Don't do it! All I ended up with was a bunch of gobbledegook that I couldn't work with anymore, so I had to just delete everything and start all over again. Don't use TRIPLE ROT-13!!!!!!!1
I wish I could have been FP to warn everyone. I'm glad this proposal sticks with Double!