Re: Moving forward on improving HTTP's security

Le Ven 15 novembre 2013 07:01, Nicolas Mailhot a écrit :
> Le Jeu 14 novembre 2013 21:57, Roberto Peon a écrit :
>> .. And?
> And egg meet chicken you need the protocol to make the connexion work, but
> you're building a protocol that requires this connexion before working

(unless of course I misunderstood and instead of using the physical link
to import a trusted cert in the device you want to use it to import
whatever's in the device in your browser cert store. Making any connected
device factory in China a giant CA able to inject any cert it wants in
millions of browsers. And I thought existing CA security was bad, do you
think the Chinese factory will even bother with a physical lock on its
mastering robots?)

Nicolas Mailhot

Received on Friday, 15 November 2013 06:58:04 UTC