
Re: Semantics of HTTPS

From: Adrien W. de Croy <adrien@qbik.com>
Date: Mon, 06 Aug 2012 23:18:20 +0000
To: "Karl Dubost" <karld@opera.com>, "Willy Tarreau" <w@1wt.eu>
Cc: "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
Message-Id: <em801c6840-5fa1-4ed4-b1b8-03ca3d471971@bombed>

------ Original Message ------
From: "Karl Dubost" <karld@opera.com>
>On 6 August 2012 at 17:41, Willy Tarreau wrote:
>
>>
>>I'm not advocating MITM, quite the opposite: I'm advocating valid use of proxies via opt-in to put an end to MITM.
>>
>
>
>* I can understand the why for proposing a validation of this usage.
>
>* I can also see why many businesses will start to propose this as the default feature for users without a real choice for them.
>
>
>There are plenty of EULAs already that users sign up to without reading because the « power » is on the side of the service. I'm not sure it is a good idea to push further in that direction without proposing a real secure end to end mechanism in the platform.
>

I'm not convinced that what is proposed alters the balance of power at 
all.

At the moment, the proxy/firewall operator continues to have all the 
power.  They can block whatever they like.

What we are proposing actually allows the firewall operator to permit 
additional usage of the client, because it can be validated / scanned / 
whatever.  Otherwise it is blocked.

The user still has the choice whether they will be prepared to do 
personal banking at work on work hardware and work internet resources 
or not.

All UA vendors need to do is make sure it's clear to the user what's 
going on.

Adrien


>
>
>
>--
>Karl Dubost - http://dev.opera.com/
>Developer Relations, Opera Software
>
>
>
>
Received on Monday, 6 August 2012 23:18:44 GMT
