- From: patrick mcmanus <pmcmanus@mozilla.com>
- Date: Thu, 29 Mar 2012 08:47:24 +0200
- To: ietf-http-wg@w3.org
On 3/29/2012 1:37 AM, Adrien W. de Croy wrote:

> For instance, OCSP and CRL is delivered over HTTP. This can't use
> SSL/TLS, else it creates a paradox - how do you validate the cert used
> to validate the cert (ad infinitum)?

There are a number of possibilities to bootstrap. Stapling is one of them. We're seeing even on the current internet that plain http is unreliable for this.

> Another topical issue relates to infrastructure providers and security
> concerns about eavesdropping. Your network infrastructure starts
> phoning home using TLS and you'll have some nervous admins. Some
> communication needs to be demonstrably open and transparent.

It is an important point that when I (and others in this thread) advocate for SSL-everywhere we do not necessarily mean e2e. The working group needs to build mechanisms for opting into local intermediaries where the client knows that that is happening in a trusted way, has control over what goes e2e and what does not, and still maintains some kind of insight into the e2e trust chain. That is tricky work that in no way am I suggesting has been done - but it is doable.

There will always be places where inspection is the law - we just need to build a system where that happens based on consent (where the other choice may certainly be "no-access"), instead of silently and passively and that it constrains passive attacks to the minimum set. (i.e. My university requires traffic inspection that I consent to, that doesn't mean I should use plain text so that the whole student body can also do their own traffic inspection).

Received on Thursday, 29 March 2012 06:48:34 UTC