W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2012

Re: Semantics of HTTPS

From: Jonathan Ballard <dzonatas@gmail.com>
Date: Mon, 6 Aug 2012 15:21:33 -0700
Message-ID: <CAAPAK-4VEfthVWMYLr=mC9X4YR3Bd6C4RKgdoNFO8vxctbAaVg@mail.gmail.com>
To: Robert Collins <robertc@squid-cache.org>
Cc: "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
It did not make sense there when HTTPS is treated as the URN instead of the
URI, but it did make sense if direct use of the URI indicates no proxy,
end-to-end.

On Monday, August 6, 2012, Robert Collins wrote:

> On Tue, Aug 7, 2012 at 9:16 AM, Mark Nottingham <mnot@mnot.net<javascript:;>>
> wrote:
> > It's a really big logical leap from the existence of an attack to
> changing the fundamental semantics of the URI scheme. And, that's what a
> MITM proxy is -- it's not legitimate, it's not a recognised role, it's an
> attack. We shouldn't legitimise it.
>
> It is however massively widespread. Its not 'attack' in the sense of
> 'well, someone /might do this/', its an attack in the sense of 'well I
> get my IP address at work via DHCP'.
>
> -Rob
>
>
Received on Monday, 6 August 2012 22:22:00 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 6 August 2012 22:22:06 GMT