Lots of people here seem to focus on how this could prevent censorship and spying by governments. It might raise the bar, and make such measures infeasible for small countries, while also making it more visible.
But what we really should focus on is the added security everywhere else. Even when I trust my ISP, that is no reason not to have defense in depth.
Someday WiFi or 4G network will have a horrible security flaw. And then this will be another bolt in the next layer of security.
If security is important, we need multiple layers!
Focusing on what authoritarian governments might or might not do is pretty much besides the point.
> Even when I trust my ISP, that is no reason not to have defense in depth.
But if this is the method we are following, we will also need to think about the costs-vs-benefits of different security measures.
If patching known exploits or threat-models, the cost-vs-benefit generally allows for very strong security measures because you know the risks if you don't implement it and you know when the measure is implemented and you are done.
However, with "defense-in-depth" you could always add another layer of encryption, add another sandbox layer or make a system less general-purpose. If security is your only priority, there is no point where you would stop.
> If security is your only priority, there is no point where you would stop.
in a secure system, adding defensive layers is constrained by the amount of code required to implement them. at a certain point, these layers can become an attack surface, and therefore a liability.
But what we really should focus on is the added security everywhere else. Even when I trust my ISP, that is no reason not to have defense in depth.
Someday WiFi or 4G network will have a horrible security flaw. And then this will be another bolt in the next layer of security.
If security is important, we need multiple layers!
Focusing on what authoritarian governments might or might not do is pretty much besides the point.