W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2014

Re: Who to trust?

From: Martin Thomson <martin.thomson@gmail.com>
Date: Mon, 23 Jun 2014 16:42:55 -0700
Message-ID: <CABkgnnXZM8gc+_P3NTuC+t674A3jkDd5QUHxQrEUKOp6k5W2Ew@mail.gmail.com>
To: Frode Kileng <frodek@tele.no>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
On 23 June 2014 14:40, Frode Kileng <frodek@tele.no> wrote:
> A challenge with the "trusted proxy" is that if I don't trust my ISP and
> this is an enforced policy, I'm out of options. If I don't trust a specific
> browser-vendor, I have many options.

This is true, but it's also true that trust isn't one-dimensional either.

I trust my bank with my money.  That's a big deal, but I wouldn't
trust them to mind my child for even 5 minutes, or to even make an
appointment on time.  Part of the trust there derives from the checks
and balances that are in place.

When it comes to network providers, the need for trust is actually
fairly low.  That's a design feature of the Internet.  Instead, I
place my trust in things like TLS, which in turn places trust in the
cryptography community, etc...  That's more than risky enough for me.
Received on Monday, 23 June 2014 23:43:22 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:31 UTC