W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: Moving forward on improving HTTP's security

From: Mark Nottingham <mnot@mnot.net>
Date: Mon, 18 Nov 2013 12:24:49 +1100
Message-Id: <3779E20B-623B-4A29-8482-FDB8CC4A2BC1@mnot.net>
To: HTTP Working Group <ietf-http-wg@w3.org>
Indeed.

On 16/11/2013, at 2:30 AM, Zhong Yu <zhong.j.yu@gmail.com> wrote:

> Mentioning a specific nationality haphazardly is distractive and
> counter-productive for this discussion.
> 
> 
> On Fri, Nov 15, 2013 at 12:57 AM, Nicolas Mailhot
> <nicolas.mailhot@laposte.net> wrote:
>> 
>> Le Ven 15 novembre 2013 07:01, Nicolas Mailhot a écrit :
>>> 
>>> Le Jeu 14 novembre 2013 21:57, Roberto Peon a écrit :
>>>> .. And?
>>> 
>>> And egg meet chicken you need the protocol to make the connexion work, but
>>> you're building a protocol that requires this connexion before working
>> 
>> (unless of course I misunderstood and instead of using the physical link
>> to import a trusted cert in the device you want to use it to import
>> whatever's in the device in your browser cert store. Making any connected
>> device factory in China a giant CA able to inject any cert it wants in
>> millions of browsers. And I thought existing CA security was bad, do you
>> think the Chinese factory will even bother with a physical lock on its
>> mastering robots?)
> 
> 
>> 
>> --
>> Nicolas Mailhot
>> 
> 

--
Mark Nottingham   http://www.mnot.net/
Received on Monday, 18 November 2013 01:25:13 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:19 UTC