- From: Roland Zink <roland@zinks.de>
- Date: Mon, 17 Nov 2014 15:16:52 +0100
- To: ietf-http-wg@w3.org
On 17.11.2014 13:56, Poul-Henning Kamp wrote: > -------- > In message <5469EE2F.2020108@zinks.de>, Roland Zink writes: > > Actually I think the most important part is this: > >>>> Encryption >>>> should be authenticated where possible, but even protocols providing >>>> confidentiality without authentication are useful in the face of >>>> pervasive surveillance as described in RFC 7258. > Will browsers finally stop treating self-signed-certs as if they > were highly radioaktive ? > Good question. One example is my home router. When I change the name it automatically generates a new self-signed certificate. However when accessing the UI the browser gives an error message and only brave people will probably continue. Others may just fall back to unencrypted http. Roland
Received on Monday, 17 November 2014 14:29:47 UTC