
RE: 2 questions

From: Xiaoyin Liu <xiaoyin.l@outlook.com>
Date: Mon, 30 Mar 2015 18:53:02 -0400
Message-ID: <BAY180-W60743EBD64C5B80ACCDFBAFFF50@phx.gbl>
To: Adrien de Croy <adrien@qbik.com>, Dan Anderson <dan-anderson@cox.net>, Walter H. <walter.h@mathemainzel.info>
CC: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
From: adrien@qbik.com
To: dan-anderson@cox.net; Walter.H@mathemainzel.info
CC: ietf-http-wg@w3.org
Date: Mon, 30 Mar 2015 20:53:05 +0000
Subject: Re: 2 questions


>think of someone or company uses Internet for e-commerce; e.g. presenting his products is public for anybody; this doesn't need to be presented in TLS, 

Is this still a valid assumption?

I might not particularly, initially, care about confidentiality.  But I think I would still care about the integrity benefits (Am I talking to the site I think I am talking to?, is there a man in the middle?, etc.)
> so how do you get integrity benefits when there is a MitM?  Client certificates?  Good luck with that.

Why are client certificates needed? Client certificates are for the servers to authenticate clients, but what Dan said was "am I talking to the site I think I am talking to". The assurance of integrity is provided by the normal TLS without client certs.
Received on Monday, 30 March 2015 22:53:31 UTC
