Re: The TLS hammer and resource integrity

From: Willy Tarreau <w@1wt.eu>
Date: Wed, 28 Mar 2012 23:42:46 +0200
To: Roberto Peon <grmocg@gmail.com>
Cc: Poul-Henning Kamp <phk@phk.freebsd.dk>, Mike Belshe <mike@belshe.com>, patrick mcmanus <pmcmanus@mozilla.com>, ietf-http-wg@w3.org
Message-ID: <20120328214246.GL31508@1wt.eu>

Hi Roberto,

On Wed, Mar 28, 2012 at 11:30:03PM +0200, Roberto Peon wrote:
> I think there are other and/or better solutions than getting rid of
> security and privacy for the user. When I do the game theory:  a site which
> can deploy a lower cost solution at the detriment of a user's privacy will
> likely do so. Most businesses find local, not global maxima... Is that what
> we want to incent?

Not necessarily but similarly we don't necessarily want to decide for
the users that they need privacy where that really does not make sense
for them. If you have a widget on your TV displaying a beautiful clock
which looks nice in your living room, you don't care a dime that the
time of day is retrieved over HTTP and that someone else can see the
time you're seeing. I know that we can constantly invent a lot of made
up examples, my point is that we need to address the situations where
privacy is not a requirement. And I'm fairly certain that if we look
at many HTTP requests at a number of different places, we'd find a
significant percentage where there was no need for privacy protection
at all or where privacy was already addressed differently.

See you tomorrow,

Received on Wednesday, 28 March 2012 21:43:20 UTC