W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2012

Re: breaking TLS (Was: Re: multiplexing -- don't do it)

From: Nicolas Mailhot <nicolas.mailhot@laposte.net>
Date: Fri, 6 Apr 2012 17:19:05 +0200
Message-ID: <e5c87e2674f275e06381ef39081f12c0.squirrel@arekh.dyndns.org>
To: "William Chan (陈智昌)" <willchan@chromium.org>
Cc: "Nicolas Mailhot" <nicolas.mailhot@laposte.net>, ietf-http-wg@w3.org

Le Ven 6 avril 2012 16:43, William Chan (陈智昌) a écrit :

>> If you want to add security to browsing make *very* sure there is little
>> reason
>> for legal-abiding entities to break it, or they will finance and build the
>> tools
>> criminals will use. That means using encryption sparingly, not as a blanket
>> system.

> This logic makes no sense to me. I disagree strongly.

I'm not making a logic point, I'm stating how things are moving now, from
direct experience. People have been blindly pushing for https everywhere those
past years without handling the pain points this caused to corporations, and
as a results lots of proxy providers are getting fat sums to break this
encryption now

(and btw browsers and google are not the only ones to blame, vendors like
Citrix that have told IT it could just tunnel citrix through https and network
admins would be none the wiser helped quite a lot too)

-- 
Nicolas Mailhot
Received on Friday, 6 April 2012 15:19:36 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:59 GMT