Re: Mandatory encryption

On Wed, 2012-07-18 at 15:56 +0200, Eliot Lear wrote:
> Mike,
> 
> On 7/18/12 8:54 AM, Mike Belshe wrote:
> 
> > Show me the user that will stand up and say, "Yes, I would like my
> > communications to be snoopable and changeable by 3rd parties without
> > my knowledge."
> > 
> 
> This is a red herring.  The real argument is around the ability of all
> web servers to get certificates that the browser will / should trust,
> or using a means of trust that doesn't require certificate chains.
> [..]

Your point is incredibly important, is absolutely intertwined, and
deserves lots of attention. I feel like focus in that area is building
but there is nothing to show for it yet. However, it's not an inherently
unsolvable problem and thus I really disagree with the "red herring"
claim. Transport security needs to be used more widely and we also need
to make the transport security work better.

I don't think that means throwing away TLS (or even the way PKI is
managed) in favor of something else, but I'm open to a different
strategy that achieves the same goals. I think everyone is.

Received on Wednesday, 18 July 2012 15:15:55 UTC