- From: Eric J. Bowman <eric@bisonsystems.net>
- Date: Sun, 22 Feb 2015 19:33:49 -0700
- To: "Eric J. Bowman" <eric@bisonsystems.net>
- Cc: Chris Palmer <palmer@google.com>, Nick Doty <npdoty@w3.org>, David Singer <singer@apple.com>, TAG List <www-tag@w3.org>, "public-privacy (W3C mailing list)" <public-privacy@w3.org>
Eric J. Bowman wrote: > > > > > I encourage you to read more about cryptography and cryptographic > > network protocols, and to try your hand at subverting HTTP and HTTPS > > traffic (on your own systems and networks only, of course). I think > > you'll find that the available security guarantees and > > non-guarantees of HTTP and of HTTPS are very different from what > > you have expressed in this thread. > > > > Thanks, but I don't think you've understood what it is I'm trying to > express. > Particularly, Superfish illustrates that the guarantees and non- guarantees of HTTP and HTTPS are *exactly* what I tried to express in this thread. Yes, I know. You're above this list now, or at least until March 30, while you write a book on Web security. Let's just say I'm not pre- ordering. -Eric
Received on Monday, 23 February 2015 02:34:13 UTC