W3C home > Mailing lists > Public > public-privacy@w3.org > January to March 2015

Re: Fwd (TAG): Draft finding - "Transitioning the Web to HTTPS"

From: Eric J. Bowman <eric@bisonsystems.net>
Date: Sun, 22 Feb 2015 19:33:49 -0700
To: "Eric J. Bowman" <eric@bisonsystems.net>
Cc: Chris Palmer <palmer@google.com>, Nick Doty <npdoty@w3.org>, David Singer <singer@apple.com>, TAG List <www-tag@w3.org>, "public-privacy (W3C mailing list)" <public-privacy@w3.org>
Message-Id: <20150222193349.ac525b8f3cf4548158b7652f@bisonsystems.net>
Eric J. Bowman wrote:
> 
> >
> > I encourage you to read more about cryptography and cryptographic
> > network protocols, and to try your hand at subverting HTTP and HTTPS
> > traffic (on your own systems and networks only, of course). I think
> > you'll find that the available security guarantees and
> > non-guarantees of HTTP and of HTTPS are very different from what
> > you have expressed in this thread.
> > 
> 
> Thanks, but I don't think you've understood what it is I'm trying to
> express.
> 

Particularly, Superfish illustrates that the guarantees and non-
guarantees of HTTP and HTTPS are *exactly* what I tried to express in
this thread.

Yes, I know. You're above this list now, or at least until March 30,
while you write a book on Web security. Let's just say I'm not pre-
ordering.

-Eric
Received on Monday, 23 February 2015 02:34:13 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 February 2015 02:34:14 UTC