« On technical writers and their wives | Main | Apache Security Model »

The worst idea ever: Let's break SSL for mobile users

January 31, 2009

This is definitely the scariest and stupidest idea I have heard in a very long time: some people on the W3C Mobile Web Best Practices Working Group think that is acceptable to break SSL—the security backbone of the Internet—in order to help transcoding proxies reformat content for mobile users:

This just demonstrates one of the reasons we suck at security: small groups of people who do not really know what they are doing wield significant power and affect millions. It's like year 2000 all over again. We are lucky when in some cases (such as in this one) there are informed people willing to stand for what's right.