- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Tue, 1 Dec 2015 14:14:16 +0100
- To: Eliot Lear <lear@cisco.com>, Cory Benfield <cory@lukasa.co.uk>
- Cc: "Walter H." <Walter.H@mathemainzel.info>, Roland Zink <roland@zinks.de>, Jim Manico <jim@manicode.com>, ietf-http-wg@w3.org
On 2015-12-01 14:01, Eliot Lear wrote: > ... > I'm sympathetic to the draft being adopted, but your argument above is a > little off. Today the Internet is full of intermediaries that do not > add malware, and would not happily add malware. You yourself are using > just such an intermediary for your own email. Even if we assume that > you meant to say that there is a threat that intermediaries can > introduce malware, my concern is more that a server will end up serving > up malware without any knowledge of doing so. This is a separate threat > to those who retrieve information. And you seem to agree because you > write... > ... One could argue that that server is only serving some opaque blob, and only by combining it with additional information for decryption (not available from that server), the malware comes into existence. Best regards, Julian
Received on Tuesday, 1 December 2015 13:14:49 UTC