Re: Upgrade status for impl draft 1

From: Eliot Lear <lear@cisco.com>
Date: Thu, 28 Feb 2013 11:00:02 +0100
Message-ID: <512F2AA2.3050307@cisco.com>
To: Amos Jeffries <squid3@treenet.co.nz>
CC: ietf-http-wg@w3.org

On 2/28/13 9:06 AM, Amos Jeffries wrote:
> Fine. MITM have easy access to DNS to learn these details, same as the
> client does. All they will do is intercept the HTTPS channel and
> answer it from fetches sent to 8080, same as they do today. Status Quo.
No, that's a poorly written client, when it accepts plaintext while
expecting TLS. Unless of course they DO speak TLS with a fake or
invalid cert. That **is** a problem, but not with
the DNS mechanism.

But to your main point, the draft introduces a usage case that can be
dealt with in a number of different ways, and it is simply important to
document both the concern and the remediation.

Eliot
Received on Thursday, 28 February 2013 10:00:35 GMT
