W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2012

Re: breaking TLS (Was: Re: multiplexing -- don't do it)

From: Roberto Peon <grmocg@gmail.com>
Date: Fri, 6 Apr 2012 15:14:52 -0700
Message-ID: <CAP+FsNfRa6s6jpb0sNX5AFr9R9MM7FJpxgPfx8Y_Mx1kPtpCgA@mail.gmail.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: Willy Tarreau <w@1wt.eu>, Nicolas Mailhot <nicolas.mailhot@laposte.net>, ietf-http-wg@w3.org
On Fri, Apr 6, 2012 at 1:36 PM, Stephen Farrell
<stephen.farrell@cs.tcd.ie>wrote:

>
>
> On 04/06/2012 09:29 PM, Roberto Peon wrote:
>
>> doesn't breach the user's
>> trust without the user's knowledge.
>>
>
> Ideas for how to do that welcome;-)
>

I'l be submitting a draft sometime next week about all of this, hopefully.


>
> Its UI stuff (and hence not an IETF thing really), but afaik,
> we've (tech industry generally) failed miserably in informing
> end-users about TLS.


> Its not something we should try solve here, or construct
> pre-conditions from, but equally we should be skeptical of
> solutions where a well-informed end-user is needed. (And
> that's implicit in some of the recent discussions here.)
>

Ah... I sometimes use user and useragent interchangably, when they're not.
:/
I expect to have the site be able to state its policy in a way which is not
easily spoofed by a proxy, and then to have the UA act upon that policy in
some reasonable way (where the definition of reasonable changes depending
on the scheme of the URL).

-=R


>
> S.
>
>
Received on Friday, 6 April 2012 22:15:21 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:59 GMT