
Re: The TLS hammer and resource integrity

From: Henry Story <henry.story@bblfish.net>
Date: Thu, 29 Mar 2012 09:13:45 +0200
Cc: patrick mcmanus <pmcmanus@mozilla.com>, ietf-http-wg@w3.org
Message-Id: <0BD7B951-93F7-4620-A098-987EF53E2CA3@bblfish.net>
To: "Poul-Henning Kamp" <phk@phk.freebsd.dk>

On 29 Mar 2012, at 08:46, Poul-Henning Kamp wrote:

> In message <4F7389AA.6050005@mozilla.com>, patrick mcmanus writes:
>> On 3/28/2012 11:42 PM, Willy Tarreau wrote:
> 
>> You might care that someone else knows that you are seeing it (and are 
>> therefore present and watching your tv).
> 
> You seem to forget that it takes two to tango:  There is a client and
> a server.  The server might not be wanting, able or even legally allowed
> to use crypto.

You mean the server may not be allowed to use crypto for encryption. I seriously
doubt a server may not be allowed to use crypto for integrity and identity. TLS
allows crypto to be used for integrity and identity without confidentiality. 
User interfaces do need to be improved to make this visible, but it is available.

> 
> -- 
> Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
> phk@FreeBSD.ORG         | TCP/IP since RFC 956
> FreeBSD committer       | BSD since 4.3-tahoe    
> Never attribute to malice what can adequately be explained by incompetence.
> 

Social Web Architect
http://bblfish.net/
Received on Thursday, 29 March 2012 07:14:23 GMT
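
Added example, not part of the original message or of any TLS library: a small audit helper that sorts pre-TLS-1.3 cipher-suite names by the three properties discussed above (identity, integrity, confidentiality) and picks out the suites that authenticate and integrity-protect without encrypting. The suite list is a constructed sample and the function names are hypothetical.

```python
# Constructed sample: IANA cipher-suite names such as a server config might list.
SAMPLE_SUITES = [
    "TLS_RSA_WITH_NULL_SHA256",
    "TLS_ECDHE_RSA_WITH_NULL_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_DH_anon_WITH_AES_128_CBC_SHA",
    "TLS_NULL_WITH_NULL_NULL",
]

AEAD_MODES = {"GCM", "CCM", "POLY1305"}  # modes that encrypt and authenticate together


def classify(suite):
    """Report which of identity, integrity and confidentiality a suite provides.

    Handles pre-TLS-1.3 names of the form TLS_<kx>_WITH_<cipher>[_<mac>].
    """
    if not suite.startswith("TLS_") or "_WITH_" not in suite:
        raise ValueError(f"unsupported suite name: {suite}")
    kx, _, rest = suite[len("TLS_"):].partition("_WITH_")
    parts = rest.split("_")
    aead = any(p in AEAD_MODES for p in parts)
    # For AEAD suites the trailing hash is the PRF and the remainder names the
    # cipher; otherwise the last field is the record MAC.
    cipher = rest if aead else "_".join(parts[:-1])
    mac = None if aead else parts[-1]
    return {
        "identity": kx != "NULL" and "anon" not in kx,   # peer is authenticated
        "integrity": aead or mac != "NULL",              # records are MACed
        "confidentiality": cipher != "NULL",             # records are encrypted
    }


def integrity_only(suites):
    """Suites giving identity and integrity but no confidentiality."""
    want = {"identity": True, "integrity": True, "confidentiality": False}
    return [s for s in suites if classify(s) == want]


if __name__ == "__main__":
    for name in SAMPLE_SUITES:
        print(name, classify(name))
    print("integrity-only:", integrity_only(SAMPLE_SUITES))
```
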
