- From: Mark Nottingham <mnot@mnot.net>
- Date: Mon, 18 Nov 2013 12:24:49 +1100
- To: HTTP Working Group <ietf-http-wg@w3.org>
Indeed. On 16/11/2013, at 2:30 AM, Zhong Yu <zhong.j.yu@gmail.com> wrote: > Mentioning a specific nationality haphazardly is distractive and > counter-productive for this discussion. > > > On Fri, Nov 15, 2013 at 12:57 AM, Nicolas Mailhot > <nicolas.mailhot@laposte.net> wrote: >> >> Le Ven 15 novembre 2013 07:01, Nicolas Mailhot a écrit : >>> >>> Le Jeu 14 novembre 2013 21:57, Roberto Peon a écrit : >>>> .. And? >>> >>> And egg meet chicken you need the protocol to make the connexion work, but >>> you're building a protocol that requires this connexion before working >> >> (unless of course I misunderstood and instead of using the physical link >> to import a trusted cert in the device you want to use it to import >> whatever's in the device in your browser cert store. Making any connected >> device factory in China a giant CA able to inject any cert it wants in >> millions of browsers. And I thought existing CA security was bad, do you >> think the Chinese factory will even bother with a physical lock on its >> mastering robots?) > > >> >> -- >> Nicolas Mailhot >> > -- Mark Nottingham http://www.mnot.net/
Received on Monday, 18 November 2013 01:25:13 UTC