- From: Willy Tarreau <w@1wt.eu>
- Date: Mon, 6 Aug 2012 22:43:27 +0200
- To: Mark Nottingham <mnot@mnot.net>
- Cc: "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
On Mon, Aug 06, 2012 at 03:32:01PM -0500, Mark Nottingham wrote: > <https://svn.tools.ietf.org/svn/wg/httpbis/draft-ietf-httpbis/latest/p1-messaging.html#https.uri> is slated to define the semantics of HTTPS urls. > > We currently talk about HTTPS' impact on caches and identity there, but we don't mention one other major effect on HTTP -- the use of CONNECT to proxies. > > I think we need to define HTTPS as having a semantic of *end-to-end* use of SSL/TLS, and therefore CONNECT to proxies. > > Make sense? I'd rather have it be the equivalent of the "GET https://" we've been talking about, with something different for use with CONNECT. CONNECT is used to establish a tunnel, and anything passes through (I'm using it on a daily basis to SSH home). Many people involved in proxies would like CONNECT to disappear or at least to work based on fine whitelists (eg: banks, paypal, ...) and use GET https:// instead to provide the ability to use safe connections between the proxy and the internet, with the ability to block malware. Right now this is already performed with CONNECT using awful tricks that totally break HTTP and even prevent software such as Firefox from being able to upgrade itself, this is a total failure. Regards, Willy
Received on Monday, 6 August 2012 20:43:54 UTC