----- Original Message -----
From: "Watson Ladd" <[email protected]>
To: "Trevor Perrin" <[email protected]>
Cc: <[email protected]>; "Stephen Farrell" <[email protected]>
Sent: Saturday, March 22, 2014 9:25 PM

> On Sat, Mar 22, 2014 at 1:00 PM, Trevor Perrin <[email protected]> wrote:
> > On Sat, Mar 22, 2014 at 7:16 AM, Stephen Farrell
> > <[email protected]> wrote:
> >.
> >
> > You mean the browser devs who support the world's main TLS libraries
> > and TLS applications, understand the HTTPS ecosystem better than
> > anyone, and are the implementors (and thus gatekeepers) for any
> > changes?
>
> Personally I have never understood why connecting to a site with a bad
> certificate shows me a warning, while visiting a site over HTTP does
> not.

In a similar vein, but perhaps at a slight tangent, I have never
understood why every browser I have installed has CRL checking turned
off. Or perhaps I do, since when I turn it on, I find that there are
those on IETF lists who send e-mails which invoke CRLs over 1Mbyte in
size which take 30s to download every time I want to view their e-mail
(round trips, not bandwidth, being the problem). So do we continue to
recommend that CRL checking is turned off and so open certificates to
another attack vector?

Tom Petch

> It should simply not indicate security. Perhaps an exemption should be
> made for some websites which have known good certificates but then the
> UI should never permit bypassing checks. Current behavior amounts to
> limiting the use of alternatives to the current PKI, without actually
> providing a gain in security. Browser vendors are working on DANE,
> TACK, and CT, which I think are much more promising for encrypting
> everything if we can reduce the administrative load involved.
>
> Sincerely,
> Watson Ladd
> >
> > We should be encouraging more of their participation and viewpoints.
> >
> > It's frustrating when they don't race to support your great new idea.
> > I've been there. But working to "beat up" and alienate them is not
> > the solution.
> >
> >
> > Trevor
> >
> > _______________________________________________
> > Uta mailing list
> > [email protected]
> > https://www.ietf.org/mailman/listinfo/uta
>
>
>
> --
> "Those who would give up Essential Liberty to purchase a little
> Temporary Safety deserve neither Liberty nor Safety."
> -- Benjamin Franklin
