- From: ??? <willchan@chromium.org>
- Date: Thu, 12 Dec 2013 12:18:00 -0800
- To: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Cc: Patrick McManus <mcmanus@ducksong.com>, Martin Thomson <martin.thomson@gmail.com>, Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>

On Thu, Dec 12, 2013 at 12:09 PM, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:
>
>>I respect the goals behind opportunistic encryption, but it is
>>*unclear* to me if it is actually a net positive. There are definitely
>>a lot of things to like about it which I think have already been
>>covered. But I'm concerned that the risk of hurting HTTPS adoption is
>>real and significant.
>
> When you say "HTTPS adoption" do you mean HTTPS as we know it, with
> trojaned CA's or do you mean some future variant where the authentication
> is actually worth something when it comes to trust ?

I mean HTTPS as we know it and believe we should work on fixing existing PKI issues. I am a fan of work like public key pinning (https://www.imperialviolet.org/2011/05/04/pinning.html).

>
> --
> Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
> phk@FreeBSD.ORG | TCP/IP since RFC 956
> FreeBSD committer | BSD since 4.3-tahoe
> Never attribute to malice what can adequately be explained by incompetence.

Received on Thursday, 12 December 2013 20:18:30 UTC