W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > September to December 1997

RE: Digest mess

From: Paul Leach <paulle@microsoft.com>
Date: Wed, 17 Dec 1997 10:53:49 -0800
Message-Id: <5CEA8663F24DD111A96100805FFE658720388A@red-msg-51.dns.microsoft.com>
To: "Phillip M. Hallam-Baker" <hallam@ai.mit.edu>, 'Randy Turner' <rturner@sharplabs.com>
Cc: rlgray@us.ibm.com, HTTP Working Group <http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com>
Damn Exchange! It messed up the indenting when I cut and pasted... and hence
you can't tell what Randy said and what I said. See below to correct that:

> ----------
> From: 	Paul Leach
> Sent: 	Wednesday, December 17, 1997 10:42 AM
> To: 	Phillip M. Hallam-Baker; 'Randy Turner'
> Cc: 	rlgray@us.ibm.com; HTTP Working Group
> Subject: 	RE: Digest mess
> 
> 
This is what Randy said:

> > ----------
> > From: 	Randy Turner[SMTP:rturner@sharplabs.com]
> > Sent: 	Wednesday, December 17, 1997 12:08 AM
> > 
> > If we're going to adequately address security,
> > I would like to see it solved more
> > robustly. Transport Layer Security (TLS)
> > seems to address most, if not all, security
> > requirements of most applications using HTTP.
> 
> 
This was my reply:
> > 
> > Sure you can use SSL/TLS for all Web security -- and you can use atom
> > bombs to kill ants, too.
> > 
> > There is no way to use TLS w/o encryption; and encryption is expensive
> and
> > often not needed.
> > 
> > There is no way to use TLS for client authentication without client
> > certificates. Getting everyone to have a certificate is non-trivial,
> > whereas everyone has passwords.
> > 
> Paul
> 
> 
Received on Wednesday, 17 December 1997 10:57:53 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:33:05 EDT