
Re: MLS or TLS? There is more than one encryption option.

From: Tobias Gondrom <tobias.gondrom@gondrom.org>
Date: Fri, 15 Nov 2013 16:40:32 -0500
To: Bruce Perens <bruce@perens.com>, ietf-http-wg@w3.org
Message-ID: <bee5ccfc-1ccc-46a1-9b2a-b73b36c33b74@email.android.com>

Not so trivial if the server has key pinning.
Best regards, Tobias

Bruce Perens <bruce@perens.com> wrote:
>On 11/15/2013 12:18 PM, Poul-Henning Kamp wrote:
>
>Now that we are going to be going for preventing pervasive
>surveillance, 
>
>I hate to be the one to bring this up, but that is not in any way shape
>or form inside the WG charter 
>
>This is no surprise.
>
>I am approaching the conclusion that it's impossible, anyway. Given
>that a government subverts even one CA with a certificate that is
>honored by the browser, a man-in-the-middle attack that would fool the
>naive user becomes trivial.

-- 
Sent from my Android phone with K-9 Mail. Please excuse my brevity.
Received on Friday, 15 November 2013 21:41:10 UTC
