W3C home > Mailing lists > Public > public-privacy@w3.org > October to December 2014

Re: Fwd (TAG): Draft finding - "Transitioning the Web to HTTPS"

From: Eric J. Bowman <eric@bisonsystems.net>
Date: Tue, 30 Dec 2014 18:13:07 -0700
To: "henry.story@bblfish.net" <henry.story@bblfish.net>
Cc: Marc Fawzi <marc.fawzi@gmail.com>, Chris Palmer <palmer@google.com>, Nick Doty <npdoty@w3.org>, David Singer <singer@apple.com>, TAG List <www-tag@w3.org>, "public-privacy (W3C mailing list)" <public-privacy@w3.org>
Message-Id: <20141230181307.016fbaa552dd8d00be4ab8da@bisonsystems.net>
"henry.story@bblfish.net" wrote:
> without TLS you may be in a tent but you have no idea if the people
> you are talking to are the ones you think they are, or if the
> communication has been altered along the way.

Still a problem with TLS. Some mechanism for detecting altered content
would benefit both use cases. Yeah, no security is perfect, but I don't
see how any solution actually solves the problem without some sort of
integrity check, which would change the entire framing of this debate,
for the better, if it existed.

Received on Wednesday, 31 December 2014 01:13:23 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 16:49:28 UTC