- From: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Date: Sun, 25 Aug 2013 21:05:03 +0000
- To: Roberto Peon <grmocg@gmail.com>
- cc: Salvatore Loreto <salvatore.loreto@ericsson.com>, HTTP Working Group <ietf-http-wg@w3.org>

In message <CAP+FsNekM95SuMvO1_hxeVf2hWb+rApzkD417n+1N5w_V2+VOA@mail.gmail.com>, Roberto Peon writes:

>Such entities would have motivation to circumvent security regardless of
>whether or not things are encrypted. That problem isn't technical-- it is
>political.

Correct, but if you make encryption mandatory, they will have to break
_all_ encryption, that's what the law tells them to.

As long as encryption only affects a minority of traffic and they
can more easily go around (i.e.: Facebook, Google etc. delivering the goods)
they don't need to render _all_ encryption transparent.

>In any case, the intent here is to negotiate for encryption, not security.

As long as it's negotiation, and the server or client can decline,
that's not a problem as such.

However, some people seem to want the server to not have a choice,
that's a no-go.

Poul-Henning

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.

Received on Sunday, 25 August 2013 21:05:26 UTC