- From: Nicolas Mailhot <nicolas.mailhot@laposte.net>
- Date: Thu, 14 Nov 2013 11:48:21 +0100
- To: "Willy Tarreau" <w@1wt.eu>
- Cc: "Mike Belshe" <mike@belshe.com>, "William Chan (?????????)" <willchan@chromium.org>, "Tao Effect" <contact@taoeffect.com>, "Tim Bray" <tbray@textuality.com>, "James M Snell" <jasnell@gmail.com>, "Mark Nottingham" <mnot@mnot.net>, "HTTP Working Group" <ietf-http-wg@w3.org>
On Wed, 13 November 2013 22:54, Willy Tarreau wrote:

> When certs are
> needed to connect to my printer, I doubt I'll have to order a new
> cert every year to connect to it once every 3 years at most to change
> its IP address.

Printers are big equipment. People are already connecting lightbulbs for Christ's sake (did no one here hear about the Internet of Things stuff? I can tell you it is happening, I see the first parts in my proxy traffic).

There is no way in hell the current PKI/CA system can scale to this number of devices no one really wants to secure anyway without making certificates effectively meaningless (and my bank would disagree with this).

And make a protocol revision supposed to be future-proof for at least a decade depend on this system when it is already broken? Madness.

TLS is not advocated for security or freedom values; it is advocated by big website operators like Google who resent anyone interfering with the control they have of their visitors now. It's giving big brother a bigger stick, because who the hell can even pretend the Google-enduser relationship is remotely balanced? (Replace Google with any of the other Internet giants, none of those is free from the temptation to abuse a direct uncontrollable link to end-users, and Snowden showed.)

This is quite transparent in the latest exchanges: "small fishes will continue to use http/1, we want tls+http/2 for our giant monitoring platforms, and btw revisiting cookies? Forget about it"

--
Nicolas Mailhot
Received on Thursday, 14 November 2013 10:48:57 UTC