W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2015

Re: Call for Adoption: Encrypted Content Encoding

From: Julian Reschke <julian.reschke@gmx.de>
Date: Tue, 1 Dec 2015 14:14:16 +0100
To: Eliot Lear <lear@cisco.com>, Cory Benfield <cory@lukasa.co.uk>
Cc: "Walter H." <Walter.H@mathemainzel.info>, Roland Zink <roland@zinks.de>, Jim Manico <jim@manicode.com>, ietf-http-wg@w3.org
Message-ID: <565D9D28.9050400@gmx.de>
On 2015-12-01 14:01, Eliot Lear wrote:
> ...
> I'm sympathetic to the draft being adopted, but your argument above is a
> little off.  Today the Internet is full of intermediaries that do not
> add malware, and would not happily add malware.  You yourself are using
> just such an intermediary for your own email.  Even if we assume that
> you meant to say that there is a threat that intermediaries can
> introduce malware, my concern is more that a server will end up serving
> up malware without any knowledge of doing so.  This is a separate threat
> to those who retrieve information.  And you seem to agree because you
> write...
> ...

One could argue that that server is only serving some opaque blob, and 
only by combining it with additional information for decryption (not 
available from that server), the malware comes into existence.

Best regards, Julian
Received on Tuesday, 1 December 2015 13:14:49 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:40 UTC