Re: HTTP/2.0 goal: policy enforcement

From: Willy Tarreau <w@1wt.eu>
Date: Mon, 26 Mar 2012 06:11:02 +0200
To: "Adrien W. de Croy" <adrien@qbik.com>
Cc: Adam Barth <w3c@adambarth.com>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <20120326041102.GJ9421@1wt.eu>

On Mon, Mar 26, 2012 at 12:52:44AM +0000, Adrien W. de Croy wrote:
> 
> ------ Original Message ------
> From: "Adam Barth" <w3c@adambarth.com>
> To: "Adrien W. de Croy" <adrien@qbik.com>
> Cc: "HTTP Working Group" <ietf-http-wg@w3.org>
> Sent: 26/03/2012 1:46:57 p.m.
> Subject: Re: HTTP/2.0 goal: policy enforcement
> >Don't these intermediaries need to support TLS anyway to enforce an
> >acceptable use policy on HTTPS traffic?
> >
> mostly that's handled by CONNECT rather than MITM.
>  
> MITM is generally frowned upon, and seems IMO to be a bit fragile - it 
> depends on the willingness of client and server vendors to continue to 
> let it happen, which could be a political hot potato if there's ever 
> any abuse.  It doesn't work with client certs either.
>  
> I'm all for using TLS everywhere (apart from the load), but proxies 
> need access to raw payload.  That requirement isn't going away.  It 
> would be more successful IMO to explicitly provide for it than 
> ignore it.  Hence a protocol that can ask a proxy to make a TLS 
> connection on its behalf would be a better option IMO.

+1 on the "GET https://"

> Adrien

Willy
Received on Monday, 26 March 2012 04:11:35 GMT
