W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2013

Re: Mandatory encryption *is* theater

From: Poul-Henning Kamp <phk@phk.freebsd.dk>
Date: Tue, 27 Aug 2013 11:32:15 +0000
To: (wrong string) ™ˆ™˜Œ) <willchan@chromium.org>
cc: "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>, Eliot Lear <lear@cisco.com>
Message-ID: <30273.1377603135@critter.freebsd.dk>
In message <CAA4WUYhPmTLHQa6DdGrVqxUjTwATBdSeqL-feATubfv66brZxw@mail.gmail.com>, =?UTF-8?B?V2lsbGlhbSBDaGFuIC
jpmYjmmbrmmIwp?= writes:

>Sorry, let me clarify with an example: a TLS connection to a server
>presenting a self-signed cert. It's encrypted, but the server is not
>authenticated. Does that clarify matters?

Yes, thanks.

I tend to prefer the words "privacy" and "secrecy" myself, exactly
because "encryption" is such a catch-all concept that you never quite
know what people actually mean.

Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.
Received on Tuesday, 27 August 2013 11:32:38 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:15 UTC