W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2012

Re: Semantics of HTTPS

From: Mark Nottingham <mnot@mnot.net>
Date: Thu, 13 Sep 2012 15:30:40 +1000
Cc: "Adrien W. de Croy" <adrien@qbik.com>, Willy Tarreau <w@1wt.eu>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
Message-Id: <C709790F-84A2-4C97-9391-D179163B89A0@mnot.net>
To: Eric Rescorla <ekr@rtfm.com>
For tracking: http://trac.tools.ietf.org/wg/httpbis/trac/ticket/383

On 13/09/2012, at 3:06 PM, Mark Nottingham <mnot@mnot.net> wrote:

> I haven't seen any more discussion of this. 
> 
> Being that both the TLS WG Chair and at least one security AD have both unambiguously said that it should be considered an e2e protocol (please correct if I'm wrong), we return to the original question --
> 
> Should we state that the HTTPS URI scheme implies end-to-end security (i.e., between the user-agent and the origin server)?
> 
> Regards,
> 
> 
> On 26/08/2012, at 11:51 AM, Eric Rescorla <ekr@rtfm.com> wrote:
> 
>> On Mon, Aug 6, 2012 at 3:39 PM, Adrien W. de Croy <adrien@qbik.com> wrote:
>>> Anyone here from the TLS WG able to comment on whether there are plans to
>>> combat MITM in this respect?  It's interesting to see the comment about
>>> recent TLS WG rejection of support for inspection.
>> 
>> As TLS WG Chair:
>> 1. As Stephen says, the TLS WG saw a presentation about explicit support
>> for proxies and there was very little support in the room for that idea. This
>> isn't to say that some future version of this idea would not be accepted,
>> but there are no current plans in this area.
>> 
>> 2. RFC 2818 was a TLS WG item, so any updates to that would really need
>> to be done by the TLS WG.
>> 
>> -Ekr
> 
> --
> Mark Nottingham   http://www.mnot.net/
> 
> 
> 
> 

--
Mark Nottingham   http://www.mnot.net/
Received on Thursday, 13 September 2012 05:31:09 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 13 September 2012 05:31:15 GMT