W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: something I don't get about the current plan...

From: Nicolas Mailhot <nicolas.mailhot@laposte.net>
Date: Mon, 18 Nov 2013 10:28:35 +0100
Message-ID: <93c628a52b6933e559a851f0839cfb20.squirrel@arekh.dyndns.org>
To: "Bruce Perens" <bruce@perens.com>
Cc: "Mike Belshe" <mike@belshe.com>, "httpbis mailing list" <ietf-http-wg@w3.org>

Le Lun 18 novembre 2013 01:36, Bruce Perens a écrit :

>      Certainly a class of application that could permanently manipulate
>  the state of the device running it would need to be signed.

It would need to be more than signed, it would need to use a different
protocol. The sole reason http is widely authorised today, unlike pretty
much any other protocol, is that people think it can not be used to
manipulate the state of their devices.

Any change there would break the security model built around http


Nicolas Mailhot
Received on Monday, 18 November 2013 09:29:04 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 2 February 2023 18:43:39 UTC