- From: Marc Fawzi <marc.fawzi@gmail.com>
- Date: Tue, 30 Dec 2014 15:13:05 -0800
- To: Chris Palmer <palmer@google.com>
- Cc: "henry.story@bblfish.net" <henry.story@bblfish.net>, "Eric J. Bowman" <eric@bisonsystems.net>, Nick Doty <npdoty@w3.org>, David Singer <singer@apple.com>, TAG List <www-tag@w3.org>, "public-privacy (W3C mailing list)" <public-privacy@w3.org>
No. I should rephrase (to be legit here) as: why the fixation with Https and the CA model? Shouldn't the push for more security be inclusive of all other security models (at least ones that have been experimented with), at least mentioning them in the proposal/finding with some kind of SWOT analysis for each and leaving room for further alternatives as opposed to pushing for the current https/CA model? Sent from my iPhone > On Dec 30, 2014, at 2:31 PM, Chris Palmer <palmer@google.com> wrote: > >> On Tue, Dec 30, 2014 at 2:27 PM, Marc Fawzi <marc.fawzi@gmail.com> wrote: >> >> Not saying not to pursue security or "more security than no security" What I'm saying is that both the choice of having security as well as the way in which it is achieved should not be a top down one-solution-fits-all decree by the W3C/TAG. I think web stack vendors should empower all kinds of solutions and approaches and the TAG/W3C should not promote just one model that it has determined to be the ultimate model but be all inclusive and give support and acknowledgement for other approaches (decentralized, hybrid, whatever) and a chance of those models making it into the standards process upon maturing. I don't understand the fixation with TLS. > > TLS is the transport layer security protocol we have. It is widely > supported and deployed. > > Any proposed competitor for TLS — are you proposing one? — is likely > to be roughly as complex and is likely to take roughly as long to > develop as TLS has.
Received on Tuesday, 30 December 2014 23:13:40 UTC