
RE: Benjamin Carlyle http 2.0 expression of interest

From: Benjamin Carlyle <benjamincarlyle@soundadvice.id.au>
Date: Wed, 25 Jul 2012 17:49:12 +1000
Message-ID: <CAN2g+6a9H8GRC9dPHsK+Jnw0-cQD_gL1-Cc-p0gW3BqvaJdJ6Q@mail.gmail.com>
To: Anil Sharma <asharma@sandvine.com>
Cc: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>

> #1 Message level signatures
> Transport level security provides privacy and non repudiation at the
> penalty of denying intermediaries the right to inspect messages and
> otherwise be involved in a transaction. Message level security measures
> could bring about specific benefits for http in relation to REST and
> practical use cases. For example:

On Jul 23, 2012 4:38 AM, "Anil Sharma" <asharma@sandvine.com> wrote:
> I didn't understand your point 1. Are you saying that no one should be
> allowed to inspect messages if someone wants complete privacy and he has
> enabled end to end encryption?

I don't see any reason to deny users the right of end to end protection.
However, my cases are machine to machine interactions between railway
control systems and the like. Privacy in such environments is enforced
primarily by keeping networks separated and including firewalls at
connection points between networks. In this context it is necessary to have
visibility at the firewalls of relevant information about requests: which
network they are transiting from and to, which authority they are addressed
to and sometimes more detailed URL inspection, which method is being used
and sometimes more detailed header and body inspection.

In this context the firewalls need to see the message content; privacy is
broadly not a concern as the message would not be on a given network if the
servers on that network were not allowed to see it. Designating trusted
firewalls could diminish the problem introduced by transport layer
encryption, but may make management of systems over time more complex.
Currently if two adjacent systems need to communicate we place a firewall
on each side of the connection. Each firewall is responsible for protecting
the system that it is a member of. Changes to the other system's firewall
currently don't impact my system unless it starts to deny essential traffic.

Any traffic not understood by the firewall will be rejected, so certainly
any transport layer encryption must be terminated at each firewall as they
are included into a trusted chain. However, it is overkill and complicates
matters to introduce this encryption on these networks which already enjoy
a combination of physical and VPN security measures.

Received on Wednesday, 25 July 2012 07:49:43 UTC
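
Added example, not part of the original message: a sketch of the default-deny inspection the message describes, where a firewall checks source and destination network, authority, method and URL, and rejects anything it cannot parse (which is why transport encryption would have to be terminated at it). The network names, hosts, paths and rule set are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    src_net: str
    dst_net: str
    authority: str
    methods: frozenset
    path_prefix: str

# Constructed policy: every name, host and path here is hypothetical.
RULES = [
    Rule("signalling", "control", "interlocking.example", frozenset({"GET"}), "/status/"),
    Rule("control", "signalling", "points.example", frozenset({"GET", "PUT"}), "/points/"),
]

def parse_request(raw: bytes):
    """Return (method, path, authority), or None if not a plain HTTP/1.1 request."""
    head, sep, _ = raw.partition(b"\r\n\r\n")
    if not sep:
        return None                      # no header terminator, e.g. a TLS record
    try:
        lines = head.decode("ascii").split("\r\n")
    except UnicodeDecodeError:
        return None                      # binary or encrypted payload
    parts = lines[0].split(" ")
    if len(parts) != 3 or parts[2] != "HTTP/1.1" or not parts[1].startswith("/"):
        return None
    path = parts[1].split("?", 1)[0]
    # Refuse dot segments and percent-encoding so prefix matching cannot be bypassed.
    if "%" in path or any(seg in (".", "..") for seg in path.split("/")):
        return None
    hosts = [l.split(":", 1)[1].strip().lower()
             for l in lines[1:] if l.lower().startswith("host:")]
    if len(hosts) != 1:
        return None                      # missing or ambiguous authority
    return parts[0], path, hosts[0]

def decide(src_net: str, dst_net: str, raw: bytes) -> str:
    """Default deny: allow only traffic that is understood and matches a rule."""
    req = parse_request(raw)
    if req is None:
        return "reject: not understood"
    method, path, authority = req
    for r in RULES:
        if ((r.src_net, r.dst_net, r.authority) == (src_net, dst_net, authority)
                and method in r.methods and path.startswith(r.path_prefix)):
            return "allow"
    return "reject: no matching rule"
```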
