W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2012

Re: breaking TLS (Was: Re: multiplexing -- don't do it)

From: Roberto Peon <grmocg@gmail.com>
Date: Fri, 6 Apr 2012 15:14:52 -0700
Message-ID: <CAP+FsNfRa6s6jpb0sNX5AFr9R9MM7FJpxgPfx8Y_Mx1kPtpCgA@mail.gmail.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: Willy Tarreau <w@1wt.eu>, Nicolas Mailhot <nicolas.mailhot@laposte.net>, ietf-http-wg@w3.org
On Fri, Apr 6, 2012 at 1:36 PM, Stephen Farrell

> On 04/06/2012 09:29 PM, Roberto Peon wrote:
>> doesn't breach the user's
>> trust without the user's knowledge.
> Ideas for how to do that welcome;-)

I'l be submitting a draft sometime next week about all of this, hopefully.

> Its UI stuff (and hence not an IETF thing really), but afaik,
> we've (tech industry generally) failed miserably in informing
> end-users about TLS.

> Its not something we should try solve here, or construct
> pre-conditions from, but equally we should be skeptical of
> solutions where a well-informed end-user is needed. (And
> that's implicit in some of the recent discussions here.)

Ah... I sometimes use user and useragent interchangably, when they're not.
I expect to have the site be able to state its policy in a way which is not
easily spoofed by a proxy, and then to have the UA act upon that policy in
some reasonable way (where the definition of reasonable changes depending
on the scheme of the URL).


> S.
Received on Friday, 6 April 2012 22:15:21 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:02 UTC