- From: Tobias Gondrom <tobias.gondrom@gondrom.org>
- Date: Fri, 15 Nov 2013 16:40:32 -0500
- To: Bruce Perens <bruce@perens.com>, ietf-http-wg@w3.org
Received on Friday, 15 November 2013 21:41:10 UTC
Not so trivial if the server has key pinning.

Best regards, Tobias

Bruce Perens <bruce@perens.com> wrote:
>On 11/15/2013 12:18 PM, Poul-Henning Kamp wrote:
> >Now that we are going to be going for preventing pervasive surveillance,
> >I hate to be the one to bring this up, but that is not in any way shape or form inside the WG charter
> >This is no surprise.
>
>I am approaching the conclusion that it's impossible, anyway. Given
>that a government subverts even one CA with a certificate that is
>honored by the browser, a man-in-the-middle attack that would fool the
>naive user becomes trivial.

--
Sent from my Android phone with K-9 Mail. Please excuse my brevity.