On 07/27/2014 04:49 PM, Jason Haar wrote: > I do wonder where this will end. Since one cannot combine interception, inspection, and secure delivery, this can only end when at least one of those components dies. Interception is probably the weak link here because it can be removed(*) by technological means if enough folks decide it has to go. Inspection (by trusted intermediaries) and secure delivery (through trusted intermediaries) will probably stay (with modifications) because their existence sprouts from the human nature (rather than just lack of development discipline, will, and resources). > How long before Firefox starts pinning, > then MSIE, then it gets generalized, etc? If applied broadly, pinning in an interception world will clash with government, corporate, and parental desire to protect "assets". With todays technology, pinning can only survive on a limited scale IMHO. The day after tomorrow, if interception dies, replaced by trusted intermediaries, pinning will not be a problem. Either that, or the entire web content is going to be owned by a few content providers that would guarantee that their content is safe and appropriate (hence, does not need to be inspected). This is what Google claims with its pinning solution today, and I suspect it is not the responsibility they actually want and enjoy. Cheers, Alex. (*) I am only discussing overt technologies and needs here. Needless to say, covert interception will stay with us for the foreseeable future.
