
Re: I revised the pro/contra document

From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Date: Sun, 24 Nov 2013 19:27:11 +0000
Message-ID: <5292530F.3040701@cs.tcd.ie>
To: Mike Belshe <mike@belshe.com>
CC: Yoav Nir <synp71@live.com>, Tim Bray <tbray@textuality.com>, Mike Bishop <Michael.Bishop@microsoft.com>, Alexandre Anzala-Yamajako <anzalaya@gmail.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>


On 11/24/2013 07:15 PM, Mike Belshe wrote:
> 
>> > But starting from an approach that assumes you can break TLS to
>> > solve an HTTP problem would be sheer folly. It's been tried and
>> > failed. If it's tried again it'll fail again.
>> >
> You're not being practical.  If we don't make it work explicitly, companies
> are going to roll it out with MITM anyway.  They care more about IP
> protection than the additional risk they take on by breaking the TLS stream.

Please see my earlier mail on how many other things would
be broken should we stupidly break TLS for this. [1] And
then go ask all those other folks who depend on TLS what
they think is practical.

As I've said, doing HTTP scanning or filtering *in* HTTP
seems reasonable in some cases. Breaking TLS to meet that
requirement does not. And breaking TLS is just not needed
if real work on proxies gets done, but I don't know if the
WG will do that or not.

S.

[1] http://lists.w3.org/Archives/Public/ietf-http-wg/2013OctDec/0906.html
Received on Sunday, 24 November 2013 19:27:41 UTC
