W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: Fwd: New Version Notification for draft-nottingham-http2-encryption-02.txt

From: Poul-Henning Kamp <phk@phk.freebsd.dk>
Date: Sat, 14 Dec 2013 20:55:17 +0000
To: Brian Smith <brian@briansmith.org>
cc: (wrong string) ™ˆ™˜Œ) <willchan@chromium.org>, Paul Hoffman <paul.hoffman@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <57622.1387054517@critter.freebsd.dk>
In message <CAFewVt6j0yaRboARj=wpaVO2s9M6j7_za-GXLp9ZWqkFtSys8A@mail.gmail.com>
, Brian Smith writes:

>We need to focus our effort on that problem.
>
>There are already at least three commercial CAs, that browsers trust, that
>give away free certificates: [...]

That's not really the key problem.

The key problem is that there are too many CAs which have been
willing or coerced to hand over bits, which allowed certain people
to lie about who they were.

Forcing or coercing people to use a known broken solution, which only
pretends to offer security, is at best deceptive and certainly
worse than letting people knowingly use plaintext.

Until you can offer a secure alternative, trying to force people
to use snake-oil security is just wrong.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.
Received on Saturday, 14 December 2013 20:55:43 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:20 UTC