W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: Moving forward on improving HTTP's security

From: Zhong Yu <zhong.j.yu@gmail.com>
Date: Fri, 15 Nov 2013 09:30:22 -0600
Message-ID: <CACuKZqHvRd-CBbQkq=5DFN_Axk9oVUsGhGZO_vsW3Uc3HCTPeg@mail.gmail.com>
To: HTTP Working Group <ietf-http-wg@w3.org>
Mentioning a specific nationality haphazardly is distractive and
counter-productive for this discussion.


On Fri, Nov 15, 2013 at 12:57 AM, Nicolas Mailhot
<nicolas.mailhot@laposte.net> wrote:
>
> Le Ven 15 novembre 2013 07:01, Nicolas Mailhot a écrit :
>>
>> Le Jeu 14 novembre 2013 21:57, Roberto Peon a écrit :
>>> .. And?
>>
>> And egg meet chicken you need the protocol to make the connexion work, but
>> you're building a protocol that requires this connexion before working
>
> (unless of course I misunderstood and instead of using the physical link
> to import a trusted cert in the device you want to use it to import
> whatever's in the device in your browser cert store. Making any connected
> device factory in China a giant CA able to inject any cert it wants in
> millions of browsers. And I thought existing CA security was bad, do you
> think the Chinese factory will even bother with a physical lock on its
> mastering robots?)


>
> --
> Nicolas Mailhot
>
Received on Friday, 15 November 2013 15:30:53 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:19 UTC