Re: Content security model

On Thu, Jul 26, 2012 at 2:01 AM, Poul-Henning Kamp <phk@phk.freebsd.dk>wrote:

> In message <CABaLYCtZjfR0S3fz-vt8S6ZPaa05B0e5X+7tWPYb=5pZg7kGGA@mail.gmail.com>, Mike Belshe writes:
>
> >Actually, TLS is end-to-end encrypted and just an opaque byte stream as
> >far as intermediaries are concerned.  I'm not sure what you mean by
> >hop-by-hop, but TLS is not (to me) hop-by-hop.
>
> TLS is, as far as content is concerned, hop-by-hop.
>

> Usage of the broken CA-certificate model for key-material limits TLS
> to one hop which connects end to end, but other key-material models
> support more hops.
>
>
No - it's end to end - those in the middle cannot see the contents. The
only ones that can see the content are the client and the origin server.
This is the basic building block of e-commerce.

You're saying the CA system is so broken that every proxy has access to all
TLS traffic, which is provably false.

Mike

> This is one of the reasons I push the envelope+(metadata+content)
> model for HTTP/2.0:  You can use TLS to gain privacy for
> the envelope on a hop-by-hop basis, while still allowing the
> intermediaries to act on that envelope, and while still having
> end-to-end privacy on the metadata+content.
>
>
> --
> Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
> phk@FreeBSD.ORG         | TCP/IP since RFC 956
> FreeBSD committer       | BSD since 4.3-tahoe
> Never attribute to malice what can adequately be explained by incompetence.
>

Received on Thursday, 26 July 2012 17:52:40 UTC
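The envelope+(metadata+content) split PHK describes above, as an added illustration in Python that is not part of this thread: each hop can open the outer layer, read and amend the envelope, and re-protect the message to the next hop, while the inner layer stays opaque and any alteration to it is caught at the origin. It assumes pre-shared keys (the key-material question under debate is left aside) and uses a toy HMAC-based encrypt-then-MAC construction as a stand-in for TLS, not a cipher to use for real.

```python
import hashlib, hmac, json, os

def _keystream(key, nonce, n):  # toy HMAC-SHA256 counter-mode keystream (illustration only)
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range((n + 31) // 32))[:n]

def seal(key, plaintext):
    # Encrypt-then-MAC under `key`; returns a transportable dict of hex strings.
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return {"nonce": nonce.hex(), "ct": ct.hex(), "tag": tag.hex()}

def open_(key, box):
    nonce, ct, tag = (bytes.fromhex(box[k]) for k in ("nonce", "ct", "tag"))
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("integrity check failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def client_send(k_e2e, k_hop, envelope, body):
    # Inner layer: metadata+content sealed end to end. Outer layer: envelope plus the
    # sealed inner, protected only as far as the next hop (the TLS-like hop layer).
    msg = {"env": envelope, "inner": seal(k_e2e, body)}
    return json.dumps(seal(k_hop, json.dumps(msg).encode())).encode()

def proxy_forward(k_hop_in, k_hop_out, wire):
    # The intermediary terminates its hop, acts on the envelope, and re-protects the
    # message to the next hop. "inner" stays opaque here: the proxy holds no k_e2e.
    msg = json.loads(open_(k_hop_in, json.loads(wire)))
    msg["env"]["via"] = "proxy-1"
    view = json.dumps(msg)  # everything this hop is able to see
    return view, json.dumps(seal(k_hop_out, json.dumps(msg).encode())).encode()

def origin_receive(k_hop, k_e2e, wire):
    msg = json.loads(open_(k_hop, json.loads(wire)))
    return msg["env"], open_(k_e2e, msg["inner"])

def demo():
    k_e2e, k_hop1, k_hop2 = (os.urandom(32) for _ in range(3))  # assumed pre-shared keys
    wire = client_send(k_e2e, k_hop1, {"method": "GET", "path": "/cart"}, b"card=4111")
    view, wire2 = proxy_forward(k_hop1, k_hop2, wire)   # constructed sample request
    env, body = origin_receive(k_hop2, k_e2e, wire2)
    # A hop that alters the sealed inner layer is caught by the end-to-end MAC.
    msg = json.loads(open_(k_hop1, json.loads(wire)))
    ct = bytearray.fromhex(msg["inner"]["ct"]); ct[0] ^= 1
    msg["inner"]["ct"] = ct.hex()
    bad = json.dumps(seal(k_hop2, json.dumps(msg).encode())).encode()
    try:
        origin_receive(k_hop2, k_e2e, bad); tampered = False
    except ValueError:
        tampered = True
    return {"via": env["via"], "body": body, "proxy_saw_card": "card" in view,
            "tamper_detected": tampered}
```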