- From: Martin Nilsson <nilsson@opera.com>
- Date: Sun, 15 Jun 2014 22:34:16 +0200
- To: ietf-http-wg@w3.org
On Sun, 15 Jun 2014 21:48:55 +0200, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote: > I'm not sure that I'm exactly clear on what's proposed but in any case > the above is not at all attractive. I thought we had already had the > discussion here that ended up concluding that MITMing TLS is not the > way to try tackle an HTTP problem. The MITMing-TLS approach has been > proposed and rejected many times. The problem is that it hasn't been rejected in practice. There are a lot of root certificates installed on the client side to facilitate MITM-TLS-proxies. This is not good. The TLS aims to make communication with the highest degree of confidenitality and integrity possible. That is good. Unfortunately it is entirely binary, so if an intermediary wants to do anything with the traffic, block specific URLs or add additional headers, it has to drop the security to zero. That is not good. /Martin Nilsson -- Using Opera's mail client: http://www.opera.com/mail/
Received on Sunday, 15 June 2014 20:34:47 UTC