Recent revelations have shed light on the scale of eavesdropping on Internet traffic; violating the privacy of almost every Internet user. In response, protocol designers, engineers and service operators have begun deploying encryption (often opportunistic) to protect the confidentiality of users' communications. The lack of authentication in opportunistic encryption could have the perverse affect of putting more end users at risk: thinking that they are "secure", an end user may divulge private information to an imposter instead of the service they believe they have contacted. When adding protection mechanisms to protocols, designers and implementers should not downplay the importance of authentication in order to make opportunistic encryption easier to deploy.
February 28-March 1, 2014
A W3C/IAB workshop on Strengthening the Internet Against Pervasive Monitoring (STRINT)