W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2013

Re: Mandatory encryption *is* theater

From: Nicolas Mailhot <nicolas.mailhot@laposte.net>
Date: Mon, 26 Aug 2013 10:44:13 +0200
Message-ID: <b82f32e7938fd7ceb2441746b301b5ee.squirrel@arekh.dyndns.org>
To: "Salvatore Loreto" <salvatore.loreto@ericsson.com>
Cc: ietf-http-wg@w3.org

Le Dim 25 août 2013 09:10, Salvatore Loreto a écrit :

> Having said that I agree with Eliot that solving everything just saying
> lets use TLS
> is a theater, instead we should work on a way to authenticate endpoints,
> proxies,
> how to provide data integrity etc.

+1

It's horrifying to see how most HTTP/1 clients will mess around with
partial implementations to establish com, because who cares if secrets are
leaked right and left, if the TLS stack is not complaining overmuch it
must be secure. Bonus points if they manage to degrade setups that would
require their developers to handle more valid error conditions.

-- 
Nicolas Mailhot
Received on Monday, 26 August 2013 08:44:45 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:14 UTC