W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2015

Re: comprehensive TLS is not the solution, it's a bug ... (was 2 questions)

From: Walter H. <Walter.H@mathemainzel.info>
Date: Tue, 31 Mar 2015 20:21:17 +0200
Message-ID: <551AE59D.2010701@mathemainzel.info>
To: ietf-http-wg@w3.org
On 31.03.2015 13:21, Amos Jeffries wrote:
> On 31/03/2015 10:12 p.m., Walter H. wrote:
>> On Tue, March 31, 2015 11:02, Amos Jeffries wrote:
>>
>>>> just look at this screens-shot
>>>> http://imgbin.org/images/23055.png
>>>> (this was made at http://www.zalando.at/ - I'm Austrian and this is a
>>>> internet shop, but ... - my proxy blocks advertising in a very agressive
>>>> way)
>>> Er, I feel obliged to say "please upgrade" to this.
>> have you understood the real message of this?
> I hope so.
I don't think so ...
> There are many interpretations though and you did not post it
> in reply to a statement by me.
No, there is definitely only one interpretation, you got a wrong one ... 
your "please update" is totally nonsense in this context;

as the garbage collection isn't escorted by police, there is no need of 
TLS everywhere;
just as much as really needed;

this screenshot  shows totally different content as supposed to be shown 
in connection with the URL presented in the address bar of the browser;
the same it would be with TLS.
but exactly this was the reason for  Dan Anderson

he wrote: "But I think I would still care about the integrity benefits 
(Am I talking to the site I think I am talking to?, is there a man in 
the middle?, etc.)
I can't think of a case where I would not want this assurance."

this screen shot shows the counter evidence of his requirements of 
comprehensive TLS;

Walter


Received on Tuesday, 31 March 2015 18:21:46 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:43 UTC