W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2013

Re: HTTPS, proxying, and all that...

From: Eliot Lear <lear@cisco.com>
Date: Fri, 11 Jan 2013 22:52:36 +0100
Message-ID: <50F089A4.7070101@cisco.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
CC: Poul-Henning Kamp <phk@phk.freebsd.dk>, Ilya Grigorik <ilya@igvita.com>, HTTP Working Group <ietf-http-wg@w3.org>

On 1/11/13 8:44 PM, Stephen Farrell wrote:
>> The result is that people circumvent the design of HTTPS,
>> with a host security issues as a result of broken design assumptions.
>> HTTP/2.0 should be designed so that such intrusions of the "end-to-end
>> argument" does not cause more than the minimally necessary loss of
>> security.
> Feel free to document a design that is not trivially insecure
> and that's acceptable to e.g. the likes of banks and educated
> end users and the IETF as a whole. FWIW, I've never seen such
> a design. All I've seen so far is the precursor arm-waving for
> such a design;-)

How does this differ from what we have today?

Received on Friday, 11 January 2013 21:53:04 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:09 UTC