- From: Adrien de Croy <adrien@qbik.com>
- Date: Tue, 03 Dec 2013 20:23:05 +0000
- To: "Nicolas Mailhot" <nicolas.mailhot@laposte.net>, "Patrick McManus" <pmcmanus@mozilla.com>
- Cc: William Chan (陈智昌) <willchan@chromium.org>, "Yoav Nir" <synp71@live.com>, "Roberto Peon" <grmocg@gmail.com>, "HTTP Working Group" <ietf-http-wg@w3.org>

------ Original Message ------
From: "Nicolas Mailhot" <nicolas.mailhot@laposte.net>

>Unlike Willy I do think all is not lost (yet) and operators will accept to
>not terminate ssl systematically if the protocol is not an all-or-nothing
>choice. For example I'm pretty sure most corporations would accept to only
>scan mime types likely to carry malware (js, executables, zip/isos/office
>documents) and pass the rest in opaque messages as long as major browsers
>and web sites didn't lie about this (and users deploying other web clients
>that lied in their user agent would face administrative sanctions). For
>non-dangerous mime types "inspection" only cares about checking if the
>full url does not belong to a porn/spam/crook/gaming web site, not the
>message content.

Actually there are products out there that inspect HTML to attempt to classify content using various heuristics.

>
>It's all a balancing act.
>
>Regards,
>
>BTW: great news about the Firefox patchset
>
>--
>Nicolas Mailhot

Received on Tuesday, 3 December 2013 20:23:27 UTC