On 2015-04-21 6:43 AM, skuldw...@gmail.com wrote:
I know, not that well explained and over simplified. But the concept
is hopefully clear, but in case it's not...
For what it's worth, a lot of really smart people have been thinking
about this problem for a while and there aren't a lot of easy buckets
left on this court. Even if we had the option of starting with a clean
slate it's not clear how much better we could do, and scrubbing the
internet's security posture down to the metal and starting over isn't
really an option. We have to work to improve the internet as we find it,
imperfections and tradeoffs and all.
Just to add to this discussion, one point made to me in private was that
HTTPS-everywhere defangs the network-level malware-prevention tools a
lot of corporate/enterprise networks use. My reply was that those same
companies have tools available to preinstall certificates in browsers
they deploy internally - most (all?) networking-hardware companies will
sell you tools to MITM your own employees - which would be an acceptable
solution in those environments where that's considered an acceptable
solution, and not a thing to block on.
- mhoye
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
