Re: Semantics of HTTPS

From: Poul-Henning Kamp <phk@phk.freebsd.dk>
Date: Thu, 13 Sep 2012 13:30:26 +0000
To: Willy Tarreau <w@1wt.eu>
cc: Mark Nottingham <mnot@mnot.net>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, Eric Rescorla <ekr@rtfm.com>, "Adrien W. de Croy" <adrien@qbik.com>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
Message-ID: <1481.1347543026@critter.freebsd.dk>

In message <20120913115049.GC4074@1wt.eu>, Willy Tarreau writes:

>If my browser tells me "You asked me to securely connect to this site,
>but the proxy refuses. I can only securely connect to the proxy which

Insert here: "claims it"

>will securely connect to the site, and will be able to see and modify
>all your exchanges on your behalf. Are you sure you still want to connect?"
>then I know what I'm going to decide based on which site I want to visit.

In practice I expect browsers will grow some kind of "always trust
this proxy" checkbox, and that it will become an obvious attack vector.

>The technical point is if we permit the secure end to start at the proxy,
>then we need to ensure that what is announced to the user is what is
>going to be performed.

Precisely.

One thing that worries me is that there may be more than one proxy
in the chain that wants its fingers in the pie (dept, bigcorp, govt.)
and the notice/accept method needs to cope with that.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.
Received on Thursday, 13 September 2012 14:07:43 GMT
