Re: HTTPS, proxying, and all that...

On Fri, Jan 11, 2013 at 08:20:00PM +0000,
 Poul-Henning Kamp <phk@phk.freebsd.dk> wrote 
 a message of 22 lines which said:

> It could offer per-hop encryption as an alternative to end-to-end
> encryption, while keeping the user reliably informed about the level
> of security.

Outside of the charter of the working group
<http://tools.ietf.org/wg/httpbis/charters>, I think ("Explicitly
out-of-scope items include...")

But there are three bigger problems:

1) It complicates the protocol, and complexity is the worst enemy of
security.

2) I fail to see how it could be possible without introducing a lot of
new attack entry points.

3) [Warning: a citizen expresses a political opinion] I have zero
sympathy for the mentioned use-cases.

Received on Monday, 14 January 2013 13:24:13 UTC