- From: Paul Leach <paulle@microsoft.com>
- Date: Wed, 17 Dec 1997 10:42:42 -0800
- To: "Phillip M. Hallam-Baker" <hallam@ai.mit.edu>, 'Randy Turner' <rturner@sharplabs.com>
- Cc: rlgray@us.ibm.com, HTTP Working Group <http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com>
> ---------- > From: Randy Turner[SMTP:rturner@sharplabs.com] > Sent: Wednesday, December 17, 1997 12:08 AM > > If we're going to adequately address security, > I would like to see it solved more > robustly. Transport Layer Security (TLS) > seems to address most, if not all, security > requirements of most applications using HTTP. > > Sure you can use SSL/TLS for all Web security -- and you can use atom > bombs to kill ants, too. > > There is no way to use TLS w/o encryption; and encryption is expensive and > often not needed. > > There is no way to use TLS for client authentication without client > certificates. Getting everyone to have a certificate is non-trivial, > whereas everyone has passwords. > Paul
Received on Wednesday, 17 December 1997 10:47:27 UTC