- From: Ted Lemon <mellon@fugue.com>
- Date: Mon, 20 Nov 2017 11:58:02 +0000
- To: Stephane Bortzmeyer <bortzmeyer@nic.fr>
- Cc: ietf-http-wg@w3.org, hrpc@irtf.org
Received on Monday, 20 November 2017 16:45:00 UTC
On Nov 20, 2017, at 6:37 AM, Stephane Bortzmeyer <bortzmeyer@nic.fr <mailto:bortzmeyer@nic.fr>> wrote: > The only draft I've found about this specific idea is > <https://datatracker.ietf.org/doc/draft-lemon-tls-blocking-alert/ <https://datatracker.ietf.org/doc/draft-lemon-tls-blocking-alert/>>, > but it is TLS-specific. I stopped pushing this after David Oran pointed out that there's no way to authenticate who is making the claim about why the content was blocked. I think this is a bit of a flaw in the 451 code idea as well—if it's not signed by whoever is claiming authority to do the block, it can be used to tell the end user something that is not true and can be turned into an attack on whomever the blocking is attributed to.
Received on Monday, 20 November 2017 16:45:00 UTC