Re: Moving forward on improving HTTP's security from Martin Thomson on 2013-11-13 (ietf-http-wg@w3.org from October to December 2013)

From: Martin Thomson <martin.thomson@gmail.com>
Date: Wed, 13 Nov 2013 10:47:49 -0800
To: William Chan (陈智昌) <willchan@chromium.org>
Cc: Tao Effect <contact@taoeffect.com>, Mike Belshe <mike@belshe.com>, Tim Bray <tbray@textuality.com>, James M Snell <jasnell@gmail.com>, Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <CABkgnnVqHNw_OcWWZFmNMiXx7vhhctq99JpbZqZ2bEqoL-cFPw@mail.gmail.com>

On 13 November 2013 10:42, William Chan (陈智昌) <willchan@chromium.org> wrote:
> If there are issues with TLS or the PKI or whatever we're relying on for the
> secure channel, let's fix it.

Yes.  We outsource the bulk of HTTP security work to the SEC area
working groups, primarily TLS.  They are acutely aware of the issues
and are working on improving the situation.  Let's concentrate on what
we can do.

Received on Wednesday, 13 November 2013 18:48:17 UTC