Re: Call for Adoption: Encrypted Content Encoding from Martin Thomson on 2015-12-08 (ietf-http-wg@w3.org from October to December 2015)

From: Martin Thomson <martin.thomson@gmail.com>
Date: Wed, 9 Dec 2015 07:39:31 +1100
To: Eliot Lear <lear@cisco.com>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <CABkgnnWGWKpZJpmunPTA8ETA6LT-=Cwg-PZj=ROdQfeDv=Zh4g@mail.gmail.com>

On 8 December 2015 at 18:16, Eliot Lear <lear@cisco.com> wrote:
> Stating that "clients might need to use other means of protection..."
> addresses  the latter architectural statement without acknowledging the
> former.  We need to go just a bit further and simply state that "all systems
> that receive the encrypted object are advised to take what precautions they
> can to have some confidence that the object is free of malware."   And then
> I would suggest several examples are in order, so as not to be too opaque.

Yeah, I'm totally on board with that.

Your point regarding "intermediary" is well-taken.  It was just a
convenient handle.

Received on Tuesday, 8 December 2015 20:40:00 UTC