- From: Nicolas Mailhot <nicolas.mailhot@laposte.net>
- Date: Thu, 12 Dec 2013 17:01:51 +0100
- To: "Salvatore Loreto" <salvatore.loreto@ericsson.com>
- Cc: "Roberto Peon" <grmocg@gmail.com>, "Mark Nottingham" <mnot@mnot.net>, "HTTP Working Group" <ietf-http-wg@w3.org>
Le Jeu 12 décembre 2013 16:35, Salvatore Loreto a écrit : > The one thing that wouldn’t be addressed by this approach is the potential > for a “semi-trusted” proxy that can see inside encryption and yet promises > e2e integrity. So, to me it seems like we should be focusing on the use > cases that lead us there (rather than on that particular solution, yet). IIRC web site and browser people have reaffirmed many times here they didn't want intermediaries to tamper with content. Which is actually fine as most intermediaries do not want to tamper in any way, just look at what goes through and block what they don't like. That's where e2e integrity comes into play (and as end-user I'd like to have it too). Besides that's a major part of reassuring users nothing fishy is going on behind their back -- Nicolas Mailhot
Received on Thursday, 12 December 2013 16:02:24 UTC