Re: Semantics of HTTPS

On 9/13/12 11:30 AM, "Poul-Henning Kamp" <> wrote:

>In message 
>, Phillip Hallam-Baker writes:
>>> There is a 4th option: leave the e2e semantics as-is and write an
>>> RFC called "HTTPS MITM considered harmful" that explains the
>>> issues and trade-offs and says why we don't want to standardise
>>> that (mis)behaviour.
>Is it "misbehaviour" when mandated by law in supposedly civilized
>societies ?
>Is it "misbehaviour" when security conscious organizations or organizations
>under legal mandate to record all communications want to do it ?
>Better to standardize, and let the user know they have limited privacy,
>than the current "we're too holy for this" attitude that forces people to
>fudge certificates and leave the users with no clue to the privacy


Received on Thursday, 13 September 2012 15:35:07 UTC