Re: Fwd (TAG): Draft finding - "Transitioning the Web to HTTPS"

On Tue, Dec 30, 2014 at 5:13 PM, Eric J. Bowman <> wrote:

>> without TLS you may be in a tent but you have no idea if the people
>> you are talking to are the ones you think they are, or if the
>> communication has been altered along the way.
> Still a problem with TLS. Some mechanism for detecting altered content
> would benefit both use cases. Yeah, no security is perfect, but I don't
> see how any solution actually solves the problem without some sort of
> integrity check, which would change the entire framing of this debate,
> for the better, if it existed.

TLS does have an end-to-end (client to front-end server) integrity
checking mechanism.

Received on Wednesday, 31 December 2014 01:26:55 UTC