W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2013

Re: HTTPS, proxying, and all that...

From: Poul-Henning Kamp <phk@phk.freebsd.dk>
Date: Fri, 11 Jan 2013 20:20:00 +0000
To: Yoav Nir <ynir@checkpoint.com>
cc: HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <69350.1357935600@critter.freebsd.dk>
In message <4613980CFC78314ABFD7F85CC302772111980795@IL-EX10.ad.checkpoint.com>
, Yoav Nir writes:

>The issue described in the link is described as a MitM attack. 

Which is the only option available with HTTPS.

It is surprisingly more common than you'd think in $bigcorp settings.

>Anyway, I don't see how HTTP/2 could do any better than that without
>becoming some kind of cross-layer monstrosity.

It could offer per-hop encryption as an alternative to end-to-end
encryption, while keeping the user reliably informed about the
level of security.

Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.
Received on Friday, 11 January 2013 20:20:22 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:09 UTC