- From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
- Date: Thu, 13 Sep 2012 15:56:21 +0100
- To: Phillip Hallam-Baker <hallam@gmail.com>
- CC: "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
On 09/13/2012 02:47 PM, Phillip Hallam-Baker wrote: > 3) Provide a comprehensive mechanism that is conditioned on informed > consent. I'm not at all sure that this option is even feasible for https. There is a 4th option: leave the e2e semantics as-is and write an RFC called "HTTPS MITM considered harmful" that explains the issues and trade-offs and says why we don't want to standardise that (mis)behaviour. S
Received on Thursday, 13 September 2012 14:57:13 UTC