![(please configure the [header_logo] section in trac.ini)](https://www.ietf.org/images/ietflogotrans.gif)
Changeset 2489 for wg_materials/ietf88
- Timestamp:
- 12/11/13 03:44:27 (9 years ago)
- File:
-
- 1 edited
-
wg_materials/ietf88/minutes.txt (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
wg_materials/ietf88/minutes.txt
r2478 r2489 382 382 EL: Concerned this introduces a new form of MitM. If yu have this header, that now says you can use relaxed, a MITM can insert the header or replace a 301 with a header, and the server thinks it has an encrypted tab but is really sending data through the MITM. 383 383 384 EL: Why would the attacker not just proxy HTTP, and I'm just saying this is another avenue. I'm also not sure we understand the consequences of adding a new pr opertyabout saying "don't bother to verify the certificate" and confusion about unathenticated encryption versus authenticated encryption.384 EL: Why would the attacker not just proxy HTTP, and I'm just saying this is another avenue. I'm also not sure we understand the consequences of adding a new primative about saying "don't bother to verify the certificate" and confusion about unathenticated encryption versus authenticated encryption. 385 385 386 386 Salvatore ??: I am worried we are putting to many things together, and changing things on the fly. It might be too much to manage.
Note: See TracChangeset
for help on using the changeset viewer.
