- From: Jeffrey Walton <noloader@gmail.com>
- Date: Wed, 24 Dec 2014 17:48:51 -0500
- To: Alex Russell <slightlyoff@google.com>
- Cc: mozilla-dev-security@lists.mozilla.org, security-dev <security-dev@chromium.org>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Daniel Kahn Gillmor <dkg@fifthhorseman.net>, blink-dev <blink-dev@chromium.org>
On Wed, Dec 24, 2014 at 5:43 PM, Alex Russell <slightlyoff@google.com> wrote: > Which standards bodies are those? Cause the W3C TAG is recommending > pervasive end-to-end transit encryption. W3C and IETF. They may be recommending it, but their deliverables are failing to meet expectations. Jeff > On 18 Dec 2014 14:22, "Jeffrey Walton" <noloader@gmail.com> wrote: >> >> On Thu, Dec 18, 2014 at 5:10 PM, Daniel Kahn Gillmor >> <dkg@fifthhorseman.net> wrote: >> > ... >> > Four proposed fine-tunings: >> > >> > A) i don't think we should remove "This website does not supply >> > identity information" -- but maybe replace it with "The identity of this >> > site is unconfirmed" or "The true identity of this site is unknown" >> None of them are correct when an interception proxy is involved. All >> of them lead to a false sense of security. >> >> Given the degree to which standard bodies accommodate (promote?) >> interception, UA's should probably steer clear of making any >> statements like that if accuracy is a goal. >> >> To unsubscribe from this group and stop receiving emails from it, send an >> email to blink-dev+unsubscribe@chromium.org.
Received on Wednesday, 24 December 2014 22:49:18 UTC