
Re: HTTPS, proxying, and all that...

From: Nico Williams <nico@cryptonector.com>
Date: Mon, 14 Jan 2013 10:28:39 -0600
Message-ID: <CAK3OfOiQwesSRLRrEwrwTZ-jDAExU4_POBr+SR2TqhOpCVRy5Q@mail.gmail.com>
To: Poul-Henning Kamp <phk@phk.freebsd.dk>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
The only way to degrade gracefully that I can see is to have one more
layer of end-to-end security (key exchange, authentication,
per-message security) that provides at least integrity protection that
survives any MITM at lower layers.  That way you can a) detect MITMs,
b) let them at most see the plaintext.

And if you want you could further encrypt data and let the MITMs at
lower layers eat cake.  But this would merely set off a race to MITM
the new protocol.  Also we'd be accused of trying to replace TLS,
re-inventing the wheel, ...

Nico
--
Received on Monday, 14 January 2013 16:29:06 GMT
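
The property described in the message above (an end-to-end layer whose integrity protection survives an intermediary at a lower layer, so that the intermediary can at most read the plaintext), sketched as an added example that is not part of the original message. It assumes the two endpoints already share a key from the end-to-end key exchange and authentication step; HMAC-SHA-256, the sequence-number field, and the names `seal` and `Receiver` are choices made for this illustration, not something the message specifies.

```python
import hashlib
import hmac
import os


def _tag(key: bytes, seq: int, body: bytes) -> str:
    # MAC covers the sequence number as well as the body, so a valid
    # message cannot be replayed or reordered without detection.
    return hmac.new(key, seq.to_bytes(8, "big") + body, hashlib.sha256).hexdigest()


def seal(key: bytes, seq: int, body: bytes) -> dict:
    """Sender: the body stays readable, only an integrity tag is added."""
    return {"seq": seq, "body": body, "mac": _tag(key, seq, body)}


class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.next_seq = 0

    def open(self, msg: dict) -> bytes:
        expected = _tag(self.key, msg["seq"], msg["body"])
        if not hmac.compare_digest(expected, msg["mac"]):
            raise ValueError("MAC mismatch: altered below the end-to-end layer")
        if msg["seq"] != self.next_seq:
            raise ValueError("sequence mismatch: replayed, dropped or reordered")
        self.next_seq += 1
        return msg["body"]


def demo() -> dict:
    key = os.urandom(32)  # assumption: output of the end-to-end key exchange
    rx = Receiver(key)
    m0 = seal(key, 0, b"GET /account")       # constructed sample messages
    m1 = seal(key, 1, b"amount=10")
    out = {"intermediary_read": m0["body"]}  # plaintext is visible on path
    out["clean"] = rx.open(m0)
    for name, msg in (("tampered", dict(m1, body=b"amount=9999")), ("replayed", m0)):
        try:
            rx.open(msg)
            out[name] = "accepted"
        except ValueError:
            out[name] = "rejected"
    out["after"] = rx.open(m1)
    return out


if __name__ == "__main__":
    print(demo())
```
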
