- From: Roberto Peon <grmocg@gmail.com>
- Date: 2013年8月25日 14:09:33 -0700
- To: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Cc: Salvatore Loreto <salvatore.loreto@ericsson.com>, HTTP Working Group <ietf-http-wg@w3.org>
- Message-ID: <CAP+FsNeRpkE4kbXiHPS0E11O4GvrLesiRPdUsOMFcLV1S3m-oQ@mail.gmail.com>
On Sun, Aug 25, 2013 at 2:05 PM, Poul-Henning Kamp <phk@phk.freebsd.dk>wrote: > In message < > CAP+FsNekM95SuMvO1_hxeVf2hWb+rApzkD417n+1N5w_V2+VOA@mail.gmail.com>, > Roberto Peon writes: > > >Such entities would have motivation to circumvent security regardless of > >whether or not things are encrypted. That problem isn't technical-- it is > >political. > > Correct, but if you make encrypt mandatory, they will have to break > _all_ encryption, that's what the law tells them to. > > As long as encryption only affects a minority of traffic and they can > easier go around (ie: FaceBook, Google etc. delivering the goods) > they don't need to render _all_ encryption transparent. > > >In any case, the intent here is to negotiate for encryption, not security. > > As long as it's negotiation, and the server or client can decline that's > not a problem as such. > > The server always gets to decline. The client doesn't even get to propose it today :) -=R > However, some people seem to want the server to not have a choice, that's > a no-go. > Poul-Henning > > -- > Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 > phk@FreeBSD.ORG | TCP/IP since RFC 956 > FreeBSD committer | BSD since 4.3-tahoe > Never attribute to malice what can adequately be explained by incompetence. >
Received on Sunday, 25 August 2013 21:10:00 UTC