- From: Carl Wallace <carl@redhoundsoftware.com>
- Date: Thu, 13 Sep 2012 11:34:24 -0400
- To: Poul-Henning Kamp <phk@phk.freebsd.dk>, Phillip Hallam-Baker <hallam@gmail.com>
- CC: Stephen Farrell <stephen.farrell@cs.tcd.ie>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
On 9/13/12 11:30 AM, "Poul-Henning Kamp" <phk@phk.freebsd.dk> wrote:

>In message
><CAMm+Lwi-CYPbEXDucjSVM273LKkprBMY=1hUA5dRwEnGxLBLaQ@mail.gmail.com>
>, Phillip Hallam-Baker writes:
>
>>> There is a 4th option: leave the e2e semantics as-is and write an
>>> RFC called "HTTPS MITM considered harmful" that explains the
>>> issues and trade-offs and says why we don't want to standardise
>>> that (mis)behaviour.
>
>Is it "misbehaviour" when mandated by law in supposedly civilized
>societies ?
>
>Is it "misbehaviour" when security conscious organizations or organizations
>under legal mandate to record all communications want to do it ?
>
>Better to standardize, and let the user know they have limited privacy,
>than the current "we're too holy for this" attitude that forces people to
>fudge certificates and leave the users with no clue to the privacy
>invasion.

+1
Received on Thursday, 13 September 2012 15:35:07 UTC