Chris Palmer wrote: > > TLS is the transport layer security protocol we have. It is widely > supported and deployed. > So is HTTP-Digest. Whether content is encrypted or not, Authentication headers seem a better solution to me than HTTPS-secured cookies. So maybe Authentication headers (even for unauthenticated users) have some use after all, where security and privacy are concerned. And maybe, if we have *that* debate, we'll come up with an alternative that's no less widely supported and deployed (at least potentially) than HTTPS. > > Any proposed competitor for TLS — are you proposing one? — is likely > to be roughly as complex and is likely to take roughly as long to > develop as TLS has. > Disagree on development time. A solution informed by, and enhancing, what we've learned from HTTP and HTTPS, wouldn't necessarily take very long to develop. Whether it's more or less complex than TLS seems like a non-issue if it actually solves the problem. -EricReceived on Wednesday, 31 December 2014 01:27:02 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 16:49:28 UTC