W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2012

Re: Semantics of HTTPS

From: Carl Wallace <carl@redhoundsoftware.com>
Date: Thu, 13 Sep 2012 11:34:24 -0400
To: Poul-Henning Kamp <phk@phk.freebsd.dk>, Phillip Hallam-Baker <hallam@gmail.com>
CC: Stephen Farrell <stephen.farrell@cs.tcd.ie>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
Message-ID: <CC777520.27000%carl@redhoundsoftware.com>
On 9/13/12 11:30 AM, "Poul-Henning Kamp" <phk@phk.freebsd.dk> wrote:

>In message 
>, Phillip Hallam-Baker writes:
>>> There is a 4th option: leave the e2e semantics as-is and write an
>>> RFC called "HTTPS MITM considered harmful" that explains the
>>> issues and trade-offs and says why we don't want to standardise
>>> that (mis)behaviour.
>Is it "misbehaviour" when mandated by law in supposedly civilized
>societies ?
>Is it "misbehaviour" when security concious organizations or organizations
>under legal mandate to record all communications want to do it ?
>Better to standardize, and let the user know they have limited privacy,
>than the current "we're to holy for this" attitude that forces people to
>fudge certificates and leave the users with no clue to the privacy

Received on Thursday, 13 September 2012 15:35:07 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:03 UTC