Re: Semantics of HTTPS

From: Poul-Henning Kamp <phk@phk.freebsd.dk>
Date: Tue, 07 Aug 2012 06:13:14 +0000
To: Mark Nottingham <mnot@mnot.net>
cc: Willy Tarreau <w@1wt.eu>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
Message-ID: <38136.1344319994@critter.freebsd.dk>
In message <0697836F-C4AD-4D89-AB5E-2C83B16A91AF@mnot.net>, Mark Nottingham writes:

>It's a really big logical leap from the existence of an attack to 
>changing the fundamental semantics of the URI scheme. And, that's what a 
>MITM proxy is -- it's not legitimate, it's not a recognised role, it's 
>an attack. We shouldn't legitimise it. 

As I have said earlier:  Many of these deployments have grounds in
valid legal requirements, and they only happen to become MITM because
the TLS protocol offers no other alternative.

The problem is that TLS does not offer support for intermediaries, and people
work around that lack of support when the law says they must.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.
Received on Tuesday, 7 August 2012 06:13:40 GMT