- From: Mike Belshe <mike@belshe.com>
- Date: Fri, 6 Apr 2012 15:30:27 +0000
- To: Nicolas Mailhot <nicolas.mailhot@laposte.net>
- Cc: "William Chan (陈智昌)" <willchan@chromium.org>, ietf-http-wg@w3.org
- Message-ID: <CABaLYCugwucMQ6c=RbxbxPUoTaMrGi1R_5bVqBEKSmZwE6toCQ@mail.gmail.com>
On Fri, Apr 6, 2012 at 3:19 PM, Nicolas Mailhot <nicolas.mailhot@laposte.net > wrote: > > Le Ven 6 avril 2012 16:43, William Chan (陈智昌) a écrit : > > >> If you want to add security to browsing make *very* sure there is little > >> reason > >> for legal-abiding entities to break it, or they will finance and build > the > >> tools > >> criminals will use. That means using encryption sparingly, not as a > blanket > >> system. > > > This logic makes no sense to me. I disagree strongly. > > I'm not making a logic point, I'm stating how things are moving now, from > direct experience. People have been blindly pushing for https everywhere > those > past years without handling the pain points this caused to corporations, > and > as a results lots of proxy providers are getting fat sums to break this > encryption now > This sounds great to me. If it gets broken, we'll fix it. No point in pretending it is secure if it is really not. I expect a lot of innovation in the CA verification / trust arena in the next few years. If you keep up on that side of the world - you'll see there is a lot that can change very soon. But this is a bit orthogonal to HTTP/2.0. Mike > > (and btw browsers and google are not the only ones to blame, vendors like > Citrix that have told IT it could just tunnel citrix through https and > network > admins would be none the wiser helped quite a lot too) > > -- > Nicolas Mailhot > > >
Received on Friday, 6 April 2012 15:30:57 UTC