- From: Eliot Lear <lear@cisco.com>
- Date: Wed, 18 Jul 2012 17:57:46 +0200
- To: Patrick McManus <pmcmanus@mozilla.com>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
Hi Patrick, > Your point is incredibly important, is absolutely intertwined, and > deserves lots of attention. I feel like focus in that area is building > but there is nothing to show for it yet. Thanks. I agree. > However, its not an inherently > unsolvable problem and thus I really disagree with the "red herring" > claim. What I meant by red herring is that I haven't heard anyone object to the assertion that privacy is good. I'm just concerned that mandating crypto without thinking about the UI implications could make things worse. I do not know how hard the problem is. It's not like we haven't been looking at reputation/certification elsewhere, but more work is required, as you mention above. Mozilla and other browser developers are in a very good position to discuss what user indications might work versus what might not, and what the protocol implications are. Also, I'm reminded that because HTTP is used for everything in the world, the applicability of this work could be circumscribed to try to make some of these issues more tractable (like whether a user is present). > Transport security needs to be used more widely and we also need > to make the transport security work better. Sure. > > I don't think that means throwing away TLS (or even the way PKI is > managed) in favor of something else, but I'm open to a different > strategy that achieves the same goals. I think everyone is. Sure. Warmest regards, Eliot
Received on Wednesday, 18 July 2012 15:58:14 UTC