- From: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Date: Sun, 06 Dec 2015 12:57:25 +0000
- To: ietf-http-wg@w3.org, Willy Tarreau <w@1wt.eu>
- cc: Amos Jeffries <squid3@treenet.co.nz>
-------- In message <20151206125030.GA28069@1wt.eu>, Willy Tarreau writes: >> >Warning Amos, TLS does offer this when it's used reasonably. >> >> There is no way to use it "reasonably" in practice. > >But it's not TLS's fault but the whole model of trust. No, it is the fault of the people who agitate for "TLS everywhere" ignoring that the model of trust is utterly untrustworthy. >When you have only CAs of parties you decide to trust, the whole chain >can be trusted. Correct. And all current browsers make that as hard as possible to do in practice. -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence.
Received on Sunday, 6 December 2015 12:57:50 UTC