- From: Phillip Hallam-Baker <hallam@gmail.com>
- Date: Wed, 18 Jul 2012 12:02:21 -0400
- To: Tim Bray <tbray@textuality.com>
- Cc: Eliot Lear <lear@cisco.com>, Mike Belshe <mike@belshe.com>, Willy Tarreau <w@1wt.eu>, Paul Hoffman <paul.hoffman@gmail.com>, grahame@healthintersections.com.au, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
No what is being said is. a) Privacy is a requirement in certain applications b) Mandating confidentiality does not guarantee privacy c) Mandating one particular approach to confidentiality does not guarantee privacy d) The proposed approach is only designed to meet a specific set of requirements e) The cost of doing it right is greater than many implementations will bear I am all for TLS, our business depends on it. I have demonstrated a use case where encryption MUST NOT be used. Can anyone show me a Web browser that does not support TLS? I don't think there is one. I am also all for being pro-user except when there are no users which is actually a major set of use cases for HTTP/1.1. Also note that the mere presence of a mandate in an IETF spec isn't worth the paper it is not written on. NO browser that is in use today implements PKIX according to the spec and no browser provider intends to comply unless the spec is changed. I can't see how a TLS mandate would be any more successful. On Wed, Jul 18, 2012 at 11:09 AM, Tim Bray <tbray@textuality.com> wrote: > On Wed, Jul 18, 2012 at 6:56 AM, Eliot Lear <lear@cisco.com> wrote: >>> Show me the user that will stand up and say, "Yes, I would like my >>> communications to be snoopable and changeable by 3rd parties without my >>> knowledge." >> >> >> This is a red herring. The real argument is around the ability of all web >> servers to get certificates > > This pattern keeps coming up. > A: “Privacy is good” > B: “No, because the technology is currently too expensive/unreliable” > > Uh... privacy is good. -T -- Website: http://hallambaker.com/
Received on Wednesday, 18 July 2012 16:02:52 UTC