
Re: SSL/TLS everywhere fail

From: Ted Hardie <ted.ietf@gmail.com>
Date: Thu, 3 Dec 2015 16:38:27 -0800
Message-ID: <CA+9kkMCkw00x_Sp9-gJ1yQ3npvoNS+Gstze8-RQHfAsGh=8gVA@mail.gmail.com>
To: Alex Rousskov <rousskov@measurement-factory.com>
Cc: HTTP Working Group <ietf-http-wg@w3.org>, Robert Collins <robertc@robertcollins.net>
On Thu, Dec 3, 2015 at 2:26 PM, Alex Rousskov <rousskov@measurement-factory.com> wrote:

> It could be this
> WG job to design protocols and deployment recommendations that make
> monitoring easy to integrate, discover, and either consent to or reject.
>

The working group is constrained to work within the limits set out in
general IETF policy.  In this case, that is RFC 2804.

Look particularly at section 3.  As you will note from that, there are
certainly middleboxes which are within scope (configured HTTP proxies among
them).  But there are others which are not.  I know of no interception
proxy requiring a newly installed root CA which would fit within the
current policy, but I'm willing to be informed should there be one.  But
the common case is clearly outside the scope of the engineering efforts
appropriate to the IETF, according to our current policies.

regards,

Ted
Received on Friday, 4 December 2015 00:38:59 UTC
