Re: HTTPS, proxying, and all that...

From: Poul-Henning Kamp <phk@phk.freebsd.dk>
Date: Fri, 11 Jan 2013 19:57:10 +0000
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
cc: Ilya Grigorik <ilya@igvita.com>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <15984.1357934230@critter.freebsd.dk>
--------
In message <50F06B93.6060309@cs.tcd.ie>, Stephen Farrell writes:

>If someone abuses our protocols (which from reports is what
>seems to have happened here) there's nothing we can do to
>stop them.

The reason they "abuse your protocol" is that the protocol has
been designed such that it does not support a surprisingly
big class of legitimate use cases.

Theirs may or may not be legit, but the example clearly
illustrates the security failure you so often see, when
a protocol does not degrade gracefully.

>We can and are working on ways to allow for better detection
>of such MITM attacks, but that's different.

Yes, fine, cool.

But how about allowing for them, for instance where they are mandated
by law?

(Porn filters at schools, inmates' communications in high security
prisons.  Parental control filters in homes.)

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.
Received on Friday, 11 January 2013 19:57:33 GMT
