- From: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Date: Thu, 13 Sep 2012 15:30:37 +0000
- To: Phillip Hallam-Baker <hallam@gmail.com>
- cc: Stephen Farrell <stephen.farrell@cs.tcd.ie>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
In message <CAMm+Lwi-CYPbEXDucjSVM273LKkprBMY=1hUA5dRwEnGxLBLaQ@mail.gmail.com>, Phillip Hallam-Baker writes:

>> There is a 4th option: leave the e2e semantics as-is and write an
>> RFC called "HTTPS MITM considered harmful" that explains the
>> issues and trade-offs and says why we don't want to standardise
>> that (mis)behaviour.

Is it "misbehaviour" when mandated by law in supposedly civilized societies?

Is it "misbehaviour" when security conscious organizations or organizations under legal mandate to record all communications want to do it?

Better to standardize, and let the user know they have limited privacy, than the current "we're too holy for this" attitude that forces people to fudge certificates and leave the users with no clue to the privacy invasion.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
Received on Thursday, 13 September 2012 15:31:06 UTC