- From: Chris Palmer <palmer@google.com>
- Date: Tue, 30 Dec 2014 17:26:29 -0800
- To: "Eric J. Bowman" <eric@bisonsystems.net>
- Cc: "henry.story@bblfish.net" <henry.story@bblfish.net>, Marc Fawzi <marc.fawzi@gmail.com>, Nick Doty <npdoty@w3.org>, David Singer <singer@apple.com>, TAG List <www-tag@w3.org>, "public-privacy (W3C mailing list)" <public-privacy@w3.org>
On Tue, Dec 30, 2014 at 5:13 PM, Eric J. Bowman <eric@bisonsystems.net> wrote: >> without TLS you may be in a tent but you have no idea if the people >> you are talking to are the ones you think they are, or if the >> communication has been altered along the way. > > Still a problem with TLS. Some mechanism for detecting altered content > would benefit both use cases. Yeah, no security is perfect, but I don't > see how any solution actually solves the problem without some sort of > integrity check, which would change the entire framing of this debate, > for the better, if it existed. TLS does have an end-to-end (client to front-end server) integrity checking mechanism. https://www.ietf.org/rfc/rfc5246.txt
Received on Wednesday, 31 December 2014 01:26:55 UTC