- From: 陈智昌 <willchan@chromium.org>
- Date: Tue, 27 Aug 2013 19:25:51 +0800
- To: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Cc: "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>, Eliot Lear <lear@cisco.com>
Received on Tuesday, 27 August 2013 11:26:20 UTC
On Aug 27, 2013 6:37 PM, "Poul-Henning Kamp" <phk@phk.freebsd.dk> wrote: > > In message <CAA4WUYgn5jgTojch=Z7Kv= BONLzrwtyyjkuhHCkZ_FgnKE231Q@mail.gmail.com>, =?UTF-8?B?V2lsbGlhbSBDaGFuIC > jpmYjmmbrmmIwp?= writes: > > >> >I agree authentication would be nice to have, > >> >but I think it's unfair to criticize mandatory to offer *encryption* > >> >because of authentication. > >> > >> When you say "encryption", do you mean "privacy" ? > > > >I mean encryption, because that's AIUI what mnot hinted at in his Berlin > >presentation. > > That answer doesn't really help me any... > > In the email I cited, you used "encryption" as something apart from > "authentication" and that left (at least) me confused about what > the heck you were talking about ? Sorry, let me clarify with an example: a TLS connection to a server presenting a self-signed cert. It's encrypted, but the server is not authenticated. Does that clarify matters? > > Referencing mnot's slides doesn't really help me there... > > -- > Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 > phk@FreeBSD.ORG | TCP/IP since RFC 956 > FreeBSD committer | BSD since 4.3-tahoe > Never attribute to malice what can adequately be explained by incompetence.
Received on Tuesday, 27 August 2013 11:26:20 UTC