Re: Semantics of HTTPS

From: Carl Wallace <carl@redhoundsoftware.com>
Date: Thu, 13 Sep 2012 11:34:24 -0400
To: Poul-Henning Kamp <phk@phk.freebsd.dk>, Phillip Hallam-Baker <hallam@gmail.com>
CC: Stephen Farrell <stephen.farrell@cs.tcd.ie>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
Message-ID: <CC777520.27000%carl@redhoundsoftware.com>

On 9/13/12 11:30 AM, "Poul-Henning Kamp" <phk@phk.freebsd.dk> wrote:

>In message 
><CAMm+Lwi-CYPbEXDucjSVM273LKkprBMY=1hUA5dRwEnGxLBLaQ@mail.gmail.com>
>, Phillip Hallam-Baker writes:
>
>>> There is a 4th option: leave the e2e semantics as-is and write an
>>> RFC called "HTTPS MITM considered harmful" that explains the
>>> issues and trade-offs and says why we don't want to standardise
>>> that (mis)behaviour.
>
>Is it "misbehaviour" when mandated by law in supposedly civilized
>societies?
>
>Is it "misbehaviour" when security conscious organizations or organizations
>under legal mandate to record all communications want to do it?
>
>Better to standardize, and let the user know they have limited privacy,
>than the current "we're too holy for this" attitude that forces people to
>fudge certificates and leave the users with no clue to the privacy
>invasion.

+1
Received on Thursday, 13 September 2012 15:35:07 GMT