- From: Willy Tarreau <w@1wt.eu>
- Date: Mon, 26 Mar 2012 06:11:02 +0200
- To: "Adrien W. de Croy" <adrien@qbik.com>
- Cc: Adam Barth <w3c@adambarth.com>, HTTP Working Group <ietf-http-wg@w3.org>
On Mon, Mar 26, 2012 at 12:52:44AM +0000, Adrien W. de Croy wrote:
>
> ------ Original Message ------
> From: "Adam Barth" <w3c@adambarth.com>
> To: "Adrien W. de Croy" <adrien@qbik.com>
> Cc: "HTTP Working Group" <ietf-http-wg@w3.org>
> Sent: 26/03/2012 1:46:57 p.m.
> Subject: Re: HTTP/2.0 goal: polcy enforcement
> >Don't these intermediaries need to support TLS anyway to enforce an
> >acceptable use policy on HTTPS traffic?
> >
> mostly that's handled by CONNECT rather than MITM.
>
> MITM is generally frowned upon, and seems IMO to be a bit fragile - it
> depends on the willingness of client and server vendors to continue to
> let it happen, which could be a political hot potato if there's ever
> any abuse. It doesn't work with client certs either.
>
> I'm all for using TLS everywhere (apart from the load), but proxies
> need access to raw payload. That requirement isn't going away. It
> would be more successful IMO to explicitly provide for it than
> ignore it. Hence a protocol that can ask a proxy to make a TLS
> connection on its behalf would be a better option IMO.

+1 on the "GET https://"

> Adrien

Willy

Received on Monday, 26 March 2012 04:11:35 UTC
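
The difference the thread turns on, as an added example that is not part of the original message: what a forward proxy can apply policy to when it receives a CONNECT tunnel request versus the "GET https://" form. The sample requests, the `proxy_view` and `decide` helpers, and the rule values are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample requests as a forward proxy would receive them.
CONNECT_REQ = (b"CONNECT example.com:443 HTTP/1.1\r\n"
               b"Host: example.com:443\r\n\r\n")
GET_HTTPS_REQ = (b"GET https://example.com/private/report?id=7 HTTP/1.1\r\n"
                 b"Host: example.com\r\nCookie: session=abc\r\n\r\n")

def proxy_view(raw: bytes) -> dict:
    """Return the request fields a proxy can apply policy to."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    if method == "CONNECT":
        # Tunnel: only the authority is known; the request inside the
        # TLS stream (path, headers, body) is opaque to the proxy.
        host, _, port = target.rpartition(":")
        return {"form": "CONNECT", "host": host.strip("[]"),
                "port": int(port), "path": None, "headers": None}
    url = urlsplit(target)
    if url.scheme != "https" or not url.hostname:
        raise ValueError("expected CONNECT or an absolute https:// target")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    # Proxy-originated TLS: the proxy sees the full request in the clear.
    return {"form": "GET https://", "host": url.hostname,
            "port": url.port or 443, "path": url.path or "/",
            "headers": headers}

def decide(view: dict, denied_hosts: set, denied_prefixes: tuple) -> str:
    """Hypothetical acceptable-use check: host rules always, path rules if visible."""
    if view["host"] in denied_hosts:
        return "deny"
    if view["path"] is None:
        return "host-only"  # path rules cannot be evaluated on a tunnel
    return "deny" if view["path"].startswith(denied_prefixes) else "allow"

if __name__ == "__main__":
    for req in (CONNECT_REQ, GET_HTTPS_REQ):
        view = proxy_view(req)
        print(view["form"], decide(view, {"blocked.example"}, ("/private/",)))
```
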