W3C home > Mailing lists > Public > public-privacy@w3.org > October to December 2014

Re: Fwd (TAG): Draft finding - "Transitioning the Web to HTTPS"

From: Eric J. Bowman <eric@bisonsystems.net>
Date: Tue, 30 Dec 2014 18:13:07 -0700
To: "henry.story@bblfish.net" <henry.story@bblfish.net>
Cc: Marc Fawzi <marc.fawzi@gmail.com>, Chris Palmer <palmer@google.com>, Nick Doty <npdoty@w3.org>, David Singer <singer@apple.com>, TAG List <www-tag@w3.org>, "public-privacy (W3C mailing list)" <public-privacy@w3.org>
Message-Id: <20141230181307.016fbaa552dd8d00be4ab8da@bisonsystems.net> 
"henry.story@bblfish.net" wrote:
> 
> without TLS you may be in a tent but you have no idea if the people
> you are talking to are the ones you think they are, or if the
> communication has been altered along the way.
>

Still a problem with TLS. Some mechanism for detecting altered content
would benefit both use cases. Yeah, no security is perfect, but I don't
see how any solution actually solves the problem without some sort of
integrity check, which would change the entire framing of this debate,
for the better, if it existed.

-Eric
Received on Wednesday, 31 December 2014 01:13:23 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 16:49:28 UTC