On Fri, Apr 6, 2012 at 1:36 PM, Stephen Farrell <stephen.farrell@cs.tcd.ie>wrote: > > > On 04/06/2012 09:29 PM, Roberto Peon wrote: > >> doesn't breach the user's >> trust without the user's knowledge. >> > > Ideas for how to do that welcome;-) > I'l be submitting a draft sometime next week about all of this, hopefully. > > Its UI stuff (and hence not an IETF thing really), but afaik, > we've (tech industry generally) failed miserably in informing > end-users about TLS. > Its not something we should try solve here, or construct > pre-conditions from, but equally we should be skeptical of > solutions where a well-informed end-user is needed. (And > that's implicit in some of the recent discussions here.) > Ah... I sometimes use user and useragent interchangably, when they're not. :/ I expect to have the site be able to state its policy in a way which is not easily spoofed by a proxy, and then to have the UA act upon that policy in some reasonable way (where the definition of reasonable changes depending on the scheme of the URL). -=R > > S. > >
Received on Friday, 6 April 2012 22:15:21 UTC