W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2012

Re: Semantics of HTTPS

From: Robert Collins <robertc@squid-cache.org>
Date: Tue, 7 Aug 2012 09:23:17 +1200
Message-ID: <CAJ3HoZ1hTOvcddN8c1ttBTYJyjSxLgSvnBMXQECVLnCGuuCLpw@mail.gmail.com>
To: Mark Nottingham <mnot@mnot.net>
Cc: Willy Tarreau <w@1wt.eu>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
On Tue, Aug 7, 2012 at 9:16 AM, Mark Nottingham <mnot@mnot.net> wrote:
> It's a really big logical leap from the existence of an attack to changing the fundamental semantics of the URI scheme. And, that's what a MITM proxy is -- it's not legitimate, it's not a recognised role, it's an attack. We shouldn't legitimise it.

It is however massively widespread. Its not 'attack' in the sense of
'well, someone /might do this/', its an attack in the sense of 'well I
get my IP address at work via DHCP'.

-Rob
Received on Monday, 6 August 2012 21:23:47 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 6 August 2012 21:23:53 GMT