W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2012

Re: Semantics of HTTPS

From: Amos Jeffries <squid3@treenet.co.nz>
Date: Tue, 07 Aug 2012 11:53:24 +1200
To: <ietf-http-wg@w3.org>
Message-ID: <2a157d42125b0e82895df3a187cfef7e@treenet.co.nz>
On 07.08.2012 08:32, Mark Nottingham wrote:
> 
> <https://svn.tools.ietf.org/svn/wg/httpbis/draft-ietf-httpbis/latest/p1-messaging.html#https.uri>
> is slated to define the semantics of HTTPS urls.
>
> We currently talk about HTTPS' impact on caches and identity there,
> but we don't mention one other major effect on HTTP -- the use of
> CONNECT to proxies.
>
> I think we need to define HTTPS as having a semantic of *end-to-end*
> use of SSL/TLS, and therefore CONNECT to proxies.
>
> Make sense?

CONNECT is not end-to-end either and the spec text may have confused 
some people when designing the traffic-light and padlock UI mechanisms. 
It's just a hop compaction over several stages.

  W-X-Y-Z may be CONNECT at W-X, and HTTPS W-Y, with no indication of 
what Y-Z is being used.

Creating a HTTPS trusted connection from location W to trusted proxy Y. 
Trusted by who is the debatable detail.


AYJ
Received on Monday, 6 August 2012 23:53:48 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 6 August 2012 23:53:54 GMT