W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2012

Re: Semantics of HTTPS

From: Phillip Hallam-Baker <hallam@gmail.com>
Date: Thu, 13 Sep 2012 11:22:54 -0400
Message-ID: <CAMm+Lwi-CYPbEXDucjSVM273LKkprBMY=1hUA5dRwEnGxLBLaQ@mail.gmail.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
On Thu, Sep 13, 2012 at 10:56 AM, Stephen Farrell <stephen.farrell@cs.tcd.ie
> wrote:

>
>
> On 09/13/2012 02:47 PM, Phillip Hallam-Baker wrote:
> > 3) Provide a comprehensive mechanism that is conditioned on informed
> > consent.
>
> I'm not at all sure that this option is even feasible for https.
>
> There is a 4th option: leave the e2e semantics as-is and write an
> RFC called "HTTPS MITM considered harmful" that explains the
> issues and trade-offs and says why we don't want to standardise
> that (mis)behaviour.
>
> S
>

Isn't that what I proposed in 2?

I would be willing to contribute to/work on that draft.


Option 3 is certainly possible but I would see it as a separate browser,
lets call it PANOPTICON, for some reason all caps seem appropriate. This
would be something that enterprises could install on their internal
networks in environments where the intercept requirement applied.

-- 
Website: http://hallambaker.com/
Received on Thursday, 13 September 2012 15:23:30 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 13 September 2012 15:23:36 GMT