W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2012

Re: Semantics of HTTPS

From: Amos Jeffries <squid3@treenet.co.nz>
Date: Tue, 07 Aug 2012 13:25:11 +1200
To: <ietf-http-wg@w3.org>
Message-ID: <9fce8856732519383e404517953c80cf@treenet.co.nz>
On 07.08.2012 13:12, Stephen Farrell wrote:
> On 08/07/2012 01:45 AM, Amos Jeffries wrote:
>>
>> Today those rights are just words on a piece of paper describing 
>> some
>> fantasy land that does not exist. Recalls marks assumption that he
>> *knew* CONNECT provided end-to-end security. Mark you live in .au 
>> still?
>> then your CONNECT is being decrypted. .cn, .sa, .in. .us, rq? same.
>
> I think evidence of that would be useful.
>
> Thanks,
> S.

That was a quick scan of my inbox from what appear to be national 
teleco types asking how to debug problems in their Squid ssl-bump MITMs 
over the last ~6 months. ssl-bump being a feature which is rather 
non-discriminative about what it decrypts. Along the lines of that raven 
list argument "why is it not wiretapping if only 92% of packets are 
captured?"

AYJ
Received on Tuesday, 7 August 2012 01:25:37 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 7 August 2012 01:25:42 GMT