Re: multiplexing -- don't do it

From: Robert Collins <robertc@squid-cache.org>
Date: Tue, 3 Apr 2012 11:04:08 +1200
Message-ID: <CAJ3HoZ2PJULH9s=5Ft4+moH_qEr3BJmJQNW8L68hmjuDV9z3+A@mail.gmail.com>
To: William Chan (陈智昌) <willchan@chromium.org>
Cc: "Adrien W. de Croy" <adrien@qbik.com>, Roberto Peon <grmocg@gmail.com>, Mike Belshe <mike@belshe.com>, Amos Jeffries <squid3@treenet.co.nz>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
On Tue, Apr 3, 2012 at 10:38 AM, William Chan (陈智昌)
<willchan@chromium.org> wrote:
> Hypothetically speaking, if HTTP/2.0 were TLS only, then either vendors
> would have to move to explicit proxies or to SSL MITM...

You say 'move to', but the reality has been for years that vendors
*have* SSL MITM up and running. Hell, a CA was busted a month or so
back for issuing wildcard certs (top level wildcard no less!) to
organisations that wanted to MITM all their traffic... never mind that
they could then issue a cert for *any* domain which would be in
default browsers' cert list...

SSL MITM isn't something we need to work hard to *avoid*, it's
something we have to deal with today.

The best we can do is set up an environment where there is less or even
no need for SSL MITM, where folk that are doing SSL MITM today can
migrate to something a little less toxic tomorrow.

-Rob
Received on Monday, 2 April 2012 23:04:41 GMT