W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2012

Re: Content security model

From: Mike Belshe <mike@belshe.com>
Date: Thu, 26 Jul 2012 10:52:11 -0700
Message-ID: <CABaLYCtHp2+Pouu-V4faHg8JP7x5QfW54kHPyuuha_qGbgarXQ@mail.gmail.com>
To: Poul-Henning Kamp <phk@phk.freebsd.dk>
Cc: Phillip Hallam-Baker <hallam@gmail.com>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
On Thu, Jul 26, 2012 at 2:01 AM, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:

> In message <CABaLYCtZjfR0S3fz-vt8S6ZPaa05B0e5X+7tWPYb=5pZg7kGGA@mail.gmail.com>, Mike Belshe writes:
> >Actually, TLS is end-to-end encrypted and just an opaque byte stream as far
> >as intermediaries are concerned.  I'm not sure what you mean by hop-by-hop,
> >but TLS is not (to me) hop-by-hop.
> TLS is, as far as content is concerned, hop-by-hop.

> Usage of the broken CA-certificate model for key-material limits TLS
> to one hop which connects end to end, but other key-material models
> support more hops.

No - it's end to end - those in the middle cannot see the contents. The
only ones that can see the content are the client and the origin server.
This is the basic building block of e-commerce.

You're saying the CA system is so broken that every proxy has access to all
TLS traffic, which is provably false.


> This is one of the reasons I push the envelope+(metadata+content)
> model for HTTP/2.0:  You can use TLS to gain privacy for
> the envelope on a hop-by-hop basis, while still allowing the
> intermediaries to act on that envelope, and while still having
> end-to-end privacy on the metadata+content.
> --
> Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
> phk@FreeBSD.ORG         | TCP/IP since RFC 956
> FreeBSD committer       | BSD since 4.3-tahoe
> Never attribute to malice what can adequately be explained by incompetence.
Received on Thursday, 26 July 2012 17:52:40 UTC
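The envelope+(metadata+content) layering Poul-Henning describes, worked through as an added toy example (not code from this thread, from either author, or from any HTTP/2.0 draft). It assumes a pre-shared end-to-end key between client and origin, one pre-shared link key per hop, and a toy encrypt-then-MAC AEAD built from HMAC-SHA256 so it runs with the standard library only; the host name, keys and request are constructed. The point it shows is the split: each hop can read and edit the envelope (here, appending a Via entry) but cannot open the inner part, and any change a hop makes to the inner part is rejected at the origin.

```python
"""Toy envelope + (metadata+content) message layout.

Added example, not code from the thread or any HTTP/2.0 proposal.
Assumed: a pre-shared end-to-end key (client<->origin), one pre-shared
link key per hop, and a toy encrypt-then-MAC AEAD from HMAC-SHA256 so
the script runs offline.  Real deployments use AES-GCM/ChaCha20-Poly1305
and negotiated keys; the construction here is only for illustration.
"""
import hashlib
import hmac
import json
import secrets

NONCE_LEN = 16
TAG_LEN = 32


def _keystream(key, nonce, n):
    """HMAC-SHA256 in counter mode, used as the stream cipher of the toy AEAD."""
    out = bytearray()
    ctr = 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return bytes(out[:n])


def seal(key, plaintext, aad=b""):
    """Encrypt-then-MAC: returns nonce || ciphertext || tag; aad is authenticated, not encrypted."""
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key, blob, aad=b""):
    """Check the tag before decrypting; raises ValueError on a wrong key or any tampering."""
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def client_build(e2e_key, link_key, host, inner):
    """Seal metadata+content end-to-end, leave the envelope readable for the hops,
    then protect the whole frame hop-by-hop toward the first intermediary."""
    envelope = {"host": host, "via": []}
    # Bind the sealed part to the destination so a hop cannot silently re-route it.
    inner_blob = seal(e2e_key, json.dumps(inner).encode(), aad=host.encode())
    frame = {"envelope": envelope, "inner": inner_blob.hex()}
    return seal(link_key, json.dumps(frame).encode())


def proxy_forward(link_in, link_out, wire, hop_name, tamper=False):
    """Intermediary: strip one hop, act on the envelope, add the next hop.
    Returns the outgoing wire bytes and a report of what this hop could see."""
    frame = json.loads(unseal(link_in, wire))
    inner_blob = bytes.fromhex(frame["inner"])
    try:  # the only keys a hop holds are link keys; they do not open the inner part
        unseal(link_in, inner_blob, aad=frame["envelope"]["host"].encode())
        could_read_inner = True
    except ValueError:
        could_read_inner = False
    report = {"envelope": json.loads(json.dumps(frame["envelope"])), "could_read_inner": could_read_inner}
    frame["envelope"]["via"].append(hop_name)  # a legitimate edit of the envelope
    if tamper:  # a hop changing one ciphertext bit of the sealed part
        b = bytearray(inner_blob)
        b[NONCE_LEN] ^= 0x01
        frame["inner"] = bytes(b).hex()
    return seal(link_out, json.dumps(frame).encode()), report


def origin_receive(link_key, e2e_key, wire):
    """Origin: strip the last hop, then open metadata+content with the end-to-end key."""
    frame = json.loads(unseal(link_key, wire))
    host = frame["envelope"]["host"]
    inner = json.loads(unseal(e2e_key, bytes.fromhex(frame["inner"]), aad=host.encode()))
    return frame["envelope"], inner


def run_exchange(tamper=False):
    """Client -> proxy -> origin with constructed keys and a constructed request."""
    e2e_key = b"client-origin-shared-key-constructed"
    link_cp = b"client-proxy-link-key-constructed"
    link_po = b"proxy-origin-link-key-constructed"
    request = {"method": "POST", "path": "/checkout", "cookie": "session=abc123", "body": "card=4111"}
    wire1 = client_build(e2e_key, link_cp, "shop.example", request)
    wire2, seen = proxy_forward(link_cp, link_po, wire1, "proxy-1", tamper=tamper)
    result = {"proxy_saw_envelope": seen["envelope"], "proxy_could_read_inner": seen["could_read_inner"],
              "origin_envelope": None, "origin_inner": None, "rejected": False}
    try:
        result["origin_envelope"], result["origin_inner"] = origin_receive(link_po, e2e_key, wire2)
    except ValueError:
        result["rejected"] = True
    return result


if __name__ == "__main__":
    print(json.dumps(run_exchange(), indent=2))
    print(json.dumps(run_exchange(tamper=True), indent=2))
```

Run it once with and once without `tamper=True`: the proxy report shows the clear envelope and `could_read_inner: false` both times, the origin sees `via: ["proxy-1"]` and the full request in the honest run, and the tampered run is rejected at the origin. Binding the inner part to the host via AAD is the one design choice worth noting: it is what stops a hop from editing the destination in the envelope while leaving the sealed request intact.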
