W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2012

Re: Re[2]: Mandatory encryption

From: Zhong Yu <zhong.j.yu@gmail.com>
Date: Wed, 18 Jul 2012 19:04:58 -0500
Message-ID: <CACuKZqHt3XbOrO18EbZkdQHRXOvgEN7QWDR-M51Eqrm37t-2dg@mail.gmail.com>
To: "Adrien W. de Croy" <adrien@qbik.com>
Cc: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
The man/woman in the middle who has the authority to snoop also has
the authority to temper with certificates. The cost of doing that is
not prohibitively high for the authority, therefore it should be a
point against mandatory encryption.

For little guys though, the cost of certificates can be too high. I
don't think there's a conspiracy from Google etc to stiff
competitions, but these guys probably don't care too much about some
amateurs building toy webapps.

Zhong Yu
Received on Thursday, 19 July 2012 00:05:25 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 19 July 2012 00:05:32 GMT