On Tue, Apr 21, 2015 at 9:56 AM, Mike Hoye <mh...@mozilla.com> wrote:
> On 2015-04-21 6:43 AM, skuldw...@gmail.com wrote: > >> I know, not that well explained and over simplified. But the concept is >> hopefully clear, but in case it's not... >> > For what it's worth, a lot of really smart people have been thinking about > this problem for a while and there aren't a lot of easy buckets left on > this court. Even if we had the option of starting with a clean slate it's > not clear how much better we could do, and scrubbing the internet's > security posture down to the metal and starting over isn't really an > option. We have to work to improve the internet as we find it, > imperfections and tradeoffs and all. > > Just to add to this discussion, one point made to me in private was that > HTTPS-everywhere defangs the network-level malware-prevention tools a lot > of corporate/enterprise networks use. My reply was that those same > companies have tools available to preinstall certificates in browsers they > deploy internally - most (all?) networking-hardware companies will sell you > tools to MITM your own employees - which would be an acceptable solution in > those environments where that's considered an acceptable solution, and not > a thing to block on. > Yeah, I agree this is an issue, but not a blocker. It's already a problem for the ~65% of web transactions that are already encrypted, and people are already thinking about how to manage these enterprise roots better / improve user visibility. --Richard > > - mhoye > > _______________________________________________ > dev-platform mailing list > dev-platform@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-platform > _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
