- From: Noah Mendelsohn <nrm@arcanedomain.com>
- Date: Fri, 16 Jan 2015 12:10:56 -0500
- To: Chris Palmer <palmer@google.com>
- CC: "www-tag@w3.org" <www-tag@w3.org>
On 1/16/2015 2:54 AM, Chris Palmer wrote: > Surely, you weren't hoping to use evidence of application-layer > attacks as a reason to not adopt effective application-layer security > techniques. No, but I think the TAG can play a useful role in documenting which of the problems we see "in the wild" the move to HTTPS will "solve", which it won't etc. Not everything we do as a community or that the TAG does can be 100% effective, but IMO a key role of the TAG is to document tradeoffs, and to explain both the strengths and weaknesses of any proposed architectural change. In this case, many readers of TAG Findings will be less informed than the TAG. I think it will be helpful to clearly say: "This is what we can reasonably expect the move to do for HTTPS to do for you; these are some of the problems you might naively expect it to solve that it might not." Noah
Received on Friday, 16 January 2015 17:11:18 UTC