
Re: report on EV and SSL MITM proxying

From: Henry Story <henry.story@bblfish.net>
Date: Tue, 8 Mar 2011 16:09:25 +0100
Cc: <public-xg-webid@w3.org>
Message-Id: <1DBC02A7-3A9E-4A49-BA8E-DF04373C5A8B@bblfish.net>
To: peter williams <home_pw@msn.com>

On 8 Mar 2011, at 16:02, peter williams wrote:

> I think we are about 60% understanding https.

You said that in the previous mail where I answered your points one by one.

>  
> We are understanding now that not only can the outgoing corporate firewall be an attacker, so can any reverse proxy on the path. There may be n of them. Each one is semantically-attacking the end-end user model of https, just as each one has the poisoning document caches. (This is the security way of looking at the web architecture :-) )

It can't be an attacker without putting a certificate on your machine, which it can only do if the machine is owned by the same organisation as the one that owns the firewall.

Can you answer this point, without a huge song and dance?

Henry
Received on Tuesday, 8 March 2011 15:10:02 GMT
