Re: Who to trust? from Martin Thomson on 2014-06-23 (ietf-http-wg@w3.org from April to June 2014)

From: Martin Thomson <martin.thomson@gmail.com>
Date: Mon, 23 Jun 2014 16:42:55 -0700
To: Frode Kileng <frodek@tele.no>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <CABkgnnXZM8gc+_P3NTuC+t674A3jkDd5QUHxQrEUKOp6k5W2Ew@mail.gmail.com>

On 23 June 2014 14:40, Frode Kileng <frodek@tele.no> wrote:
> A challenge with the "trusted proxy" is that if I don't trust my ISP and
> this is an enforced policy, I'm out of options. If I don't trust a specific
> browser-vendor, I have many options.

This is true, but it's also true that trust isn't one-dimensional either.

I trust my bank with my money.  That's a big deal, but I wouldn't
trust them to mind my child for even 5 minutes, or to even make an
appointment on time.  Part of the trust there derives from the checks
and balances that are in place.

When it comes to network providers, the need for trust is actually
fairly low.  That's a design feature of the Internet.  Instead, I
place my trust in things like TLS, which in turn places trust in the
cryptography community, etc...  That's more than risky enough for me.

Received on Monday, 23 June 2014 23:43:22 UTC