- From: Wendy Seltzer <wseltzer@w3.org>
- Date: Tue, 09 Dec 2014 11:06:37 -0500
- To: Noah Mendelsohn <nrm@arcanedomain.com>, Mark Nottingham <mnot@mnot.net>, "www-tag@w3.org List" <www-tag@w3.org>
On 12/08/2014 07:57 PM, Noah Mendelsohn wrote: > I'm really delighted to see you undertaking this: a very important topic > and just the sort of thing the TAG should be doing IMO. I didn't see an > indication of where comments should go, so I'll make two here: +1 I'll encourage PING to review this work too. ... > > II. Privacy > > I also have the vague impression that there is a loss of privacy that > indirectly results from the reduced practicality of proxies, but I'm not > sure that intuition is correct. If there are privacy issues with the > HTTPs transition, that would be worth exploring too. For at least one set of privacy-conscious users, those seeking to block traffic analysis by using Tor[1], HTTPS everywhere improves their privacy and security. Tor's onion routing sends traffic through a series of three hops, so the entry node knows your incoming IP but not destination, and the exit node sends the request on to its destination. If the destination site is in the clear rather than HTTPS-enabled, a malicious exit node could sniff or tamper with the request and response. So the Tor proxy solution is strengthened by and complementary to HTTPS everywhere. --Wendy [1] https://www.torproject.org/about/overview.html.en#thesolution > > Thank you. Good luck with this! > > Noah > > On 12/8/2014 6:28 PM, Mark Nottingham wrote: >> We've started work on a new Finding, to a) serve as a Web version of >> the IAB statement, and b) support the work on Secure Origins in >> WebAppSec. >> >> See: <https://w3ctag.github.io/web-https/> >> >> Repo w/ issues list at <https://github.com/w3ctag/web-https>. >> >> Cheers, >> >> >> -- >> Mark Nottingham https://www.mnot.net/ >> >> >> > > -- Wendy Seltzer -- wseltzer@w3.org +1.617.715.4883 (office) Policy Counsel and Domain Lead, World Wide Web Consortium (W3C) http://wendy.seltzer.org/ +1.617.863.0613 (mobile)
Received on Tuesday, 9 December 2014 16:06:46 UTC