Re: Semantics of HTTPS

On 06/08/2012, at 4:14 PM, Willy Tarreau <> wrote:

>> Right. That's a big change from the semantics of HTTPS today, though; right
>> now, when I see that, I know that I have end-to-end TLS.
> No, you *believe* you do, you really don't know. That's clearly the problem
> with the way it works, man-in-the middle proxies are still able to intercept
> it and to forge certs they sign with their own CA and you have no way to know
> if your communications are snooped or not.

It's a really big logical leap from the existence of an attack to changing the fundamental semantics of the URI scheme. And, that's what a MITM proxy is -- it's not legitimate, it's not a recognised role, it's an attack. We shouldn't legitimise it. 


Mark Nottingham

Received on Monday, 6 August 2012 21:17:11 UTC