- From: Eric J. Bowman <eric@bisonsystems.net>
- Date: Tue, 6 Jan 2015 22:54:57 -0700
- To: Martin Thomson <martin.thomson@gmail.com>
- Cc: Tim Berners-Lee <timbl@w3.org>, Henri Sivonen <hsivonen@hsivonen.fi>, Public TAG List <www-tag@w3.org>
Martin Thomson wrote:
>
> Tim Berners-Lee wrote
> >
> > If the videos are all https: then he won't be able to cache them,
> > except -- not to worry, the tools he buys will probably include
> > MITM attack tools, so in fact he *will* be able to cache things
> > after all.
>
> I think that it's a little sad that this is the only response we have
> to this situation. Of course we can break the encryption. It does
> instantly restore function to our existing toolchain.
>
> Or, we could apply ourselves to the problem and then maybe we can have
> both security AND caching.
>
> Jus' sayin'.
>

+1

My point entirely. Eliminating caching in the name of security, particularly if the result isn't secure, amounts to throwing the baby out with the bathwater. It's a cop-out by the very institutions folks rely on to solve problems, not come up with cop-outs, regardless of how marketable such cop-outs are to the gullible.

An insecure basis for enhancing future security is an oxymoron, at best. Ubiquitous HTTPS is being sold as "good enough for now, we'll fix it later," which gives me the willies. Fixing it later may amount to one helluva lot more work than getting started off on the right foot.

-Eric

Received on Wednesday, 7 January 2015 05:55:08 UTC