Re: Semantics of HTTPS

From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Date: Thu, 13 Sep 2012 15:56:21 +0100
Message-ID: <5051F415.9070503@cs.tcd.ie>
To: Phillip Hallam-Baker <hallam@gmail.com>
CC: "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>


On 09/13/2012 02:47 PM, Phillip Hallam-Baker wrote:
> 3) Provide a comprehensive mechanism that is conditioned on informed
> consent.

I'm not at all sure that this option is even feasible for https.

There is a 4th option: leave the e2e semantics as-is and write an
RFC called "HTTPS MITM considered harmful" that explains the
issues and trade-offs and says why we don't want to standardise
that (mis)behaviour.

S
Received on Thursday, 13 September 2012 14:57:13 GMT
