- From: Tim Bray <tbray@textuality.com>
- Date: Thu, 19 Jul 2012 09:05:45 -0700
- To: Nicolas Mailhot <nicolas.mailhot@laposte.net>
- Cc: Henry Story <henry.story@bblfish.net>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>, "Martin J. Dürst" <duerst@it.aoyama.ac.jp>

No, privacy is important. There are things on my blog that people in certain situations could get in trouble just for reading. I should offer privacy, and it’s a failure on my part that I don’t. -T

On Thu, Jul 19, 2012 at 8:49 AM, Nicolas Mailhot <nicolas.mailhot@laposte.net> wrote:
>
>> I think in the case of Ongoing privacy is not in fact important. But
>> security is!
>
> I think that in many cases, what matters is not 'have I got a direct
> opaque un-spoofable link to the web site' (that TLS gives you) but 'is the
> content I receive the same as a trusted entity published' (non-tampering)
>
> You have this problem with intermediaries but also without intermediaries
>
> For example, all the mirroring sites that perform a service for free or
> live by slapping ads around convenient ways to download content produced
> by others.
>
> What matters when someone goes to downloads.com, is not that he is talking
> to downloads.com itself, but that the binary payload downloaded was
> actually released by the editor downloads.com labels it with.
>
> If HTTP/2 includes a command that basically means 'give me the signed
> digest associated with URL X or Y':
> 1. user agents can check if intermediaries didn't mess with the relayed
> content
> 2. user agents can check if the content they received over a supposedly
> secure link was not tampered with before transmission, if the web site is not
> the original producer of the content (mirrors just have to mirror the
> original signature in addition to the content itself). Secure link ≠
> secure content
>
> This is something TLS itself will never give you, the TLS trust model does
> not work at all in any relaying situation (either direct relay with
> proxies and other intermediaries, or deferred relay in the mirror case)
>
> So you solve two problems in one go and the protocol changes are useful
> even in proxy-less environments
>
> Or am I missing something?
>
> --
> Nicolas Mailhot
>
Received on Thursday, 19 July 2012 16:06:16 UTC
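
The signed-digest check proposed in the quoted message, as an added Go example that is not part of the thread and not taken from any HTTP specification: the original producer signs the URL together with a SHA-256 digest, a mirror relays the record unchanged, and the user agent verifies it against the producer's public key. The `SignedDigest` record, the URL-plus-digest encoding, the choice of Ed25519, the fixed-seed `demoKey` helper and the placeholder URL are all assumptions made for illustration; how the user agent learns the producer's key is out of scope.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

var ErrBadSignature, ErrTampered = errors.New("bad publisher signature"), errors.New("content differs from signed digest")

// SignedDigest is a hypothetical reply to "give me the signed digest for URL X".
type SignedDigest struct {
	SHA256 [32]byte // digest of the bytes the publisher released
	Sig    []byte   // publisher's Ed25519 signature over signedBytes(url, SHA256)
}

// signedBytes binds the digest to the URL so a record cannot be replayed for another resource.
func signedBytes(url string, sum [32]byte) []byte {
	return append([]byte(url+"\n"), sum[:]...)
}

// Publish runs at the original producer; mirrors copy the record verbatim.
func Publish(priv ed25519.PrivateKey, url string, content []byte) SignedDigest {
	sum := sha256.Sum256(content)
	return SignedDigest{SHA256: sum, Sig: ed25519.Sign(priv, signedBytes(url, sum))}
}

// Verify runs in the user agent, whichever link, proxy or mirror delivered the bytes.
func Verify(pub ed25519.PublicKey, url string, content []byte, d SignedDigest) error {
	if !ed25519.Verify(pub, signedBytes(url, d.SHA256), d.Sig) {
		return ErrBadSignature
	} else if sha256.Sum256(content) != d.SHA256 {
		return ErrTampered
	}
	return nil
}

func demoKey(b byte) (ed25519.PrivateKey, ed25519.PublicKey) { // fixed seed: constructed demo key
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{b}, ed25519.SeedSize))
	return priv, priv.Public().(ed25519.PublicKey)
}

func main() {
	priv, pub := demoKey(7)
	rec := Publish(priv, "https://publisher.example/tool.tgz", []byte("release"))
	fmt.Println(Verify(pub, "https://publisher.example/tool.tgz", []byte("release"), rec))
	fmt.Println(Verify(pub, "https://publisher.example/tool.tgz", []byte("release+ad"), rec))
}
```

A relay that alters the payload cannot produce a matching record without the producer's private key, so the result is the same whether or not the hop to the mirror used TLS.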