- From: Zhong Yu <zhong.j.yu@gmail.com>
- Date: Fri, 15 Nov 2013 09:30:22 -0600
- To: HTTP Working Group <ietf-http-wg@w3.org>
Mentioning a specific nationality haphazardly is distractive and counter-productive for this discussion. On Fri, Nov 15, 2013 at 12:57 AM, Nicolas Mailhot <nicolas.mailhot@laposte.net> wrote: > > Le Ven 15 novembre 2013 07:01, Nicolas Mailhot a écrit : >> >> Le Jeu 14 novembre 2013 21:57, Roberto Peon a écrit : >>> .. And? >> >> And egg meet chicken you need the protocol to make the connexion work, but >> you're building a protocol that requires this connexion before working > > (unless of course I misunderstood and instead of using the physical link > to import a trusted cert in the device you want to use it to import > whatever's in the device in your browser cert store. Making any connected > device factory in China a giant CA able to inject any cert it wants in > millions of browsers. And I thought existing CA security was bad, do you > think the Chinese factory will even bother with a physical lock on its > mastering robots?) > > -- > Nicolas Mailhot >
Received on Friday, 15 November 2013 15:30:53 UTC