Re: Draft finding - "Transitioning the Web to HTTPS"

* Mark Nottingham wrote:
>When I talk to browser folks about this, they say that you can still 
>install a CA to observe traffic, or look at the console / dev tools, 
>etc. I think that's a reasonable answer, but one that needs better tools 
>available to foster this kind of research.

It is actually quite common that you cannot install certificates and do
not have debugging tools available, or would not be able to rely on them
because their use is detectable. Considering that heteronomous computing
is being made a fundamental part of the Web, it seems very unlikely that
the TAG would agree that users have a right to know what their computers
do and what data they send and receive.
-- 
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
D-10243 Berlin · PGP Pub. KeyID: 0xA4357E78 · http://www.bjoernsworld.de
 Available for hire in Berlin (early 2015)  · http://www.websitedev.de/ 

Received on Tuesday, 9 December 2014 21:24:30 UTC