W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: Moving forward on improving HTTP's security

From: Nicolas Mailhot <nicolas.mailhot@laposte.net>
Date: Fri, 15 Nov 2013 07:10:44 +0100
Message-ID: <9674f6381cf92a1a2308a89aa4b370b7.squirrel@arekh.dyndns.org>
To: "Roberto Peon" <grmocg@gmail.com>
Cc: "Nicolas Mailhot" <nicolas.mailhot@laposte.net>, "Zhong Yu" <zhong.j.yu@gmail.com>, "HTTP Working Group" <ietf-http-wg@w3.org>, "Frédéric Kayser" <f.kayser@free.fr>, "Patrick McManus" <pmcmanus@mozilla.com>

Le Jeu 14 novembre 2013 21:36, Roberto Peon a écrit :

> If you need a MITM to feel or be safe, then it is absolutely clear that
> you will deploy one.

I only need a MITM to feel or be safe if browsers insist their mission is
to surrender control of my computers to random web sites and insist on
torpedoing any control system I may wish to deploy on my network to
protect my users (my users, not theirs, because *I* have legal obligations
towards them, not random web sites on the other side of earth of browser
developers)

And I didn't need MITM in http 1.1 that this workgroup charter said it is
tasked to replace, before people decided to embark on wild crusades
against "pervasive surveillance" when every public data fact so far
indicates this "pervasive surveillance" occurs at endpoints and no
protocol change will have any effect on it.

>Having thought about and worried about the problem and
> even proposed a draft about it (exproxy),

And that was much appreciated thank you

-- 
Nicolas Mailhot
Received on Friday, 15 November 2013 06:11:11 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:19 UTC