W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > September to December 1997

RE: Digest mess

From: Paul Leach <paulle@microsoft.com>
Date: Wed, 17 Dec 1997 10:42:42 -0800
Message-Id: <5CEA8663F24DD111A96100805FFE6587203888@red-msg-51.dns.microsoft.com>
To: "Phillip M. Hallam-Baker" <hallam@ai.mit.edu>, 'Randy Turner' <rturner@sharplabs.com>
Cc: rlgray@us.ibm.com, HTTP Working Group <http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com>

> ----------
> From: 	Randy Turner[SMTP:rturner@sharplabs.com]
> Sent: 	Wednesday, December 17, 1997 12:08 AM
> 
> If we're going to adequately address security,
> I would like to see it solved more
> robustly. Transport Layer Security (TLS)
> seems to address most, if not all, security
> requirements of most applications using HTTP.
> 
> Sure you can use SSL/TLS for all Web security -- and you can use atom
> bombs to kill ants, too.
> 
> There is no way to use TLS w/o encryption; and encryption is expensive and
> often not needed.
> 
> There is no way to use TLS for client authentication without client
> certificates. Getting everyone to have a certificate is non-trivial,
> whereas everyone has passwords.
> 
Paul
Received on Wednesday, 17 December 1997 10:47:27 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:33:05 EDT