- From: Nicolas Mailhot <nicolas.mailhot@laposte.net>
- Date: Fri, 6 Apr 2012 14:33:29 +0000 (UTC)
- To: ietf-http-wg@w3.org
Amos Jeffries <squid3@...> writes: > IME admin are usually not that eager to do MITM on TLS. Yes there are all sorts of unpleasant legal risks involved > It is required by policy makers who just want to publish tick-box policies It is required to authenticate proxy users now that popular sites are moving to ssl, since no one has defined a reliable way to do it without breaking tls. And then once the system is in place who will vouch it won't be abused for corporate follies? It is *very* dangerous to make encryption an all-or-nothing proposal. That makes it an everyone-has-a-reason-to-break-it system, which means it *will* be broken, even in the cases it's perfectly justified. If you want to add security to browsing make *very* sure there is little reason for legal-abiding entities to break it, or they will finance and build the tools criminals will use. That means using encryption sparingly, not as a blanket system.
Received on Friday, 6 April 2012 14:34:03 UTC