- From: Patrick McManus <pmcmanus@mozilla.com>
- Date: Wed, 18 Jul 2012 09:05:58 -0400
- To: grahame@healthintersections.com.au
- Cc: Paul Hoffman <paul.hoffman@gmail.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>

On Wed, 2012-07-18 at 11:00 +1000, Grahame Grieve wrote:
> > +1 to what seems to be a lot of developers: make TLS mandatory.
> >
> >> so, even when used in an internal application protocol, it's going to
> >> be end to end
> >> encrypted to make it super hard to debug?
> >
> > In an internal application protocol, why would it be "super hard to
> > debug"? The client can do an HTTP dump before TLS, the server can do
> > an HTTP dump after TLS; either of the sides could debug the TLS.
>
> yep. they can. But they have to. 3rd parties are shut out. I get that in
> some circumstances this is good. But not all. As an example, I spend
> quite a bit of my time looking at browser traffic now, to debug why
> my servers or clients aren't working the way that a 3rd party
> client/server set up is. Unless it's https, in which case.... I have to find
> some other way.
>

this is just tooling.. and there are lots of good emerging answers to
this. For Firefox and Chrome you can use the directions in
https://developer.mozilla.org/en/NSS_Key_Log_Format to get a "keylog"
file you can give to Wireshark so it can simply decode a TLS packet
capture. It's pretty sweet. Other tools will come along.

Received on Wednesday, 18 July 2012 13:06:41 UTC
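
The "keylog" file mentioned in the message above is a plain-text list of per-session TLS secrets, and a malformed line simply leaves that session undecoded in the capture. The following check is an added example, not part of the original message and not code from NSS or Wireshark; it validates a key log file line by line, and it goes beyond the 2012 format by also accepting the TLS 1.3 labels. The label list is limited to the ones this example knows, and the sample data is constructed.

```python
import re

# label -> allowed hex lengths of the secret field (48-byte secrets for
# TLS <= 1.2; 32- or 48-byte traffic secrets for TLS 1.3, depending on the hash).
# Only the labels known to this example are listed.
SECRET_HEX_LEN = {"RSA": {96}, "CLIENT_RANDOM": {96}}
for _label in ("CLIENT_EARLY_TRAFFIC_SECRET", "CLIENT_HANDSHAKE_TRAFFIC_SECRET",
               "SERVER_HANDSHAKE_TRAFFIC_SECRET", "CLIENT_TRAFFIC_SECRET_0",
               "SERVER_TRAFFIC_SECRET_0", "EARLY_EXPORTER_SECRET", "EXPORTER_SECRET"):
    SECRET_HEX_LEN[_label] = {64, 96}
HEX = re.compile(r"[0-9a-fA-F]+")

def parse_keylog(text):
    """Return (entries, errors): usable (label, context, secret) tuples and (line, reason) rejects."""
    entries, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):   # blank lines and comments are allowed
            continue
        fields = line.split(" ")
        if len(fields) != 3:
            errors.append((lineno, "expected 3 space-separated fields"))
            continue
        label, context, secret = fields
        if label not in SECRET_HEX_LEN:
            errors.append((lineno, "unknown label"))
            continue
        # Context is the 32-byte client random, except legacy RSA lines, which
        # carry the first 8 bytes of the encrypted pre-master secret.
        context_len = 16 if label == "RSA" else 64
        if len(context) != context_len or not HEX.fullmatch(context):
            errors.append((lineno, "bad context field"))
        elif len(secret) not in SECRET_HEX_LEN[label] or not HEX.fullmatch(secret):
            errors.append((lineno, "bad secret field"))
        else:
            entries.append((label, context.lower(), secret.lower()))
    return entries, errors

# Constructed sample (not real key material): two valid lines, three defects.
SAMPLE = "\n".join([
    "# constructed sample",
    "CLIENT_RANDOM " + "11" * 32 + " " + "aa" * 48,
    "CLIENT_TRAFFIC_SECRET_0 " + "22" * 32 + " " + "bb" * 32,
    "CLIENT_RANDOM " + "33" * 32 + " " + "cc" * 40,   # truncated secret
    "MASTER_KEY " + "44" * 32 + " " + "dd" * 48,      # label not in the format
    "CLIENT_RANDOM " + "zz" * 32 + " " + "ee" * 48,   # non-hex client random
])
```

Because every accepted line is enough to decrypt one recorded session, the key log file should be stored and shared with the same care as the packet capture it unlocks.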