Re: secure HTTPS redirect - encoding a new trust anchor?

On 12/08/15 21:52, Martin Thomson wrote:
> Stephen, is your objection about the general nature of the query, or
> the specific mechanism?  

Yep it's the general nature of the outlined scheme that's alarming.

I'd not be at all surprised if there are sensible ways to have
device vendors interact with larger purchasers of sets of those
devices where such handovers can be managed safely enough.

I'm less sure there are good answers for a random widget from some
company I've never heard of re-badged by someone I have heard of
when I'm a home user. (And in that latter situation there are a lot
of open-source code and distribution systems involved which can
make things harder or easier, not sure.)

There may be some discussion of this topic at IETF94 including this
work being done in ANIMA. Maybe at saag and maybe some other place
but feel free to ping me if interested.

Cheers,
S.

Received on Wednesday, 12 August 2015 21:27:27 UTC