- From: Paul Leach <paulle@microsoft.com>
- Date: Wed, 17 Dec 1997 10:53:49 -0800
- To: "Phillip M. Hallam-Baker" <hallam@ai.mit.edu>, 'Randy Turner' <rturner@sharplabs.com>
- Cc: rlgray@us.ibm.com, HTTP Working Group <http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com>
Damn Exchange! It messed up the indenting when I cut and pasted... and hence you can't tell what Randy said and what I said. See below to correct that: > ---------- > From: Paul Leach > Sent: Wednesday, December 17, 1997 10:42 AM > To: Phillip M. Hallam-Baker; 'Randy Turner' > Cc: rlgray@us.ibm.com; HTTP Working Group > Subject: RE: Digest mess > > This is what Randy said: > > ---------- > > From: Randy Turner[SMTP:rturner@sharplabs.com] > > Sent: Wednesday, December 17, 1997 12:08 AM > > > > If we're going to adequately address security, > > I would like to see it solved more > > robustly. Transport Layer Security (TLS) > > seems to address most, if not all, security > > requirements of most applications using HTTP. > > This was my reply: > > > > Sure you can use SSL/TLS for all Web security -- and you can use atom > > bombs to kill ants, too. > > > > There is no way to use TLS w/o encryption; and encryption is expensive > and > > often not needed. > > > > There is no way to use TLS for client authentication without client > > certificates. Getting everyone to have a certificate is non-trivial, > > whereas everyone has passwords. > > > Paul > >
Received on Wednesday, 17 December 1997 10:57:53 UTC