W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2012

Re: Semantics of HTTPS

From: Poul-Henning Kamp <phk@phk.freebsd.dk>
Date: Tue, 07 Aug 2012 06:23:11 +0000
To: "Adrien W. de Croy" <adrien@qbik.com>
cc: "Karl Dubost" <karld@opera.com>, "Willy Tarreau" <w@1wt.eu>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
Message-ID: <38230.1344320591@critter.freebsd.dk>
In message <em801c6840-5fa1-4ed4-b1b8-03ca3d471971@bombed>, "Adrien W. de Croy"
 writes:

>I'm not convinced that what is proposed alters the balance of power at
>all.

I think trying to use protocol design to alter the balance of power
by restriction is a fundamentally flawed attitude.

If a given protocol does not support what the law requies, then the
protocol will be circumvented, broken or banned.

Adrien is right that there is a market requirement for inspection,
and all we get if we refuse to meet that requirement, is less users
of the protocol or that the protocol be broken open using MITM and
bogus certificates.

I do realize the trouble with "redefining HTTPS", and would like to
point out that we have a way around that:

Per protocol message encryption will allow us to define the semantics
required in the market, *AND* it will allow us to mix protected and
unprotected traffic in the same TCP connection, which saves a
TCP connection in the very typical HTTP->HTTPS login scenario.

If we add per-message-encryption in HTTP/2.0 it will not be TLS
(obvious), and therefore we will not be redefining HTTPS' semantics.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.
Received on Tuesday, 7 August 2012 06:23:56 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 7 August 2012 06:24:03 GMT