W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2014

Re: IAB Statement on Internet Confidentiality

From: Jason Greene <jason.greene@redhat.com>
Date: Mon, 17 Nov 2014 12:09:49 -0600
Cc: Roland Zink <roland@zinks.de>, ietf-http-wg@w3.org
Message-Id: <4938CB44-7FFF-481B-826E-EC8E3C103D2C@redhat.com>
To: Poul-Henning Kamp <phk@phk.freebsd.dk>

> On Nov 17, 2014, at 6:56 AM, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:
> 
> --------
> In message <5469EE2F.2020108@zinks.de>, Roland Zink writes:
> 
> Actually I think the most important part is this:
> 
>>>> Encryption
>>>> should be authenticated where possible, but even protocols providing
>>>> confidentiality without authentication are useful in the face of
>>>> pervasive surveillance as described in RFC 7258.
> 
> Will browsers finally stop treating self-signed-certs as if they
> were highly radioaktive ?

Even better would be to support anonymous ECDH. Why bother requiring all of these fake certs to be generated when they have no legit purpose.

--
Jason T. Greene
WildFly Lead / JBoss EAP Platform Architect
JBoss, a division of Red Hat
Received on Monday, 17 November 2014 18:10:20 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:41 UTC