W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2012

Re: Semantics of HTTPS

From: patrick mcmanus <pmcmanus@mozilla.com>
Date: Mon, 06 Aug 2012 20:58:04 -0400
Message-ID: <5020681C.7000601@mozilla.com>
To: ietf-http-wg@w3.org
+1 to Karl's comments; they address the fundamentals here. The basic 
concept being proposed is understandable (especially in the context of 
virus filtering), but its a door that shouldn't be opened for https 
schemed urls. Beyond the "power" issue is the likelihood that such a 
configuration would be gamed through social engineering.

-Patrick

On 8/6/2012 5:59 PM, Karl Dubost wrote:
> Le 6 août 2012 à 17:41, Willy Tarreau a écrit :
>> I'm not advocating MITM, quite the opposite : I'm advocating valid use of proxies via opt-in to put an end to MITM.
> * I can understand the why for proposing a validation of this usage.
>
> * I can also see why many businesses will start to propose this as the default feature for users without a real choice for them.
>
>
> There are plenty of EULA already that users sign-up without reading because the « power » is on the side of the service. I'm not sure it is a good idea to push further in that direction without proposing a real secure end to end mechanism in the platform.
>
>
Received on Tuesday, 7 August 2012 00:58:29 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 7 August 2012 00:58:35 GMT