Re: Semantics of HTTPS from Jonathan Ballard on 2012-08-06 (ietf-http-wg@w3.org from July to September 2012)

From: Jonathan Ballard <dzonatas@gmail.com>
Date: Mon, 6 Aug 2012 15:21:33 -0700
To: Robert Collins <robertc@squid-cache.org>
Cc: "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
Message-ID: <CAAPAK-4VEfthVWMYLr=mC9X4YR3Bd6C4RKgdoNFO8vxctbAaVg@mail.gmail.com>

It did not make sense there when HTTPS is treated as the URN instead of the
URI, but it did make sense if direct use of the URI indicates no proxy,
end-to-end.

On Monday, August 6, 2012, Robert Collins wrote:

> On Tue, Aug 7, 2012 at 9:16 AM, Mark Nottingham <mnot@mnot.net<javascript:;>>
> wrote:
> > It's a really big logical leap from the existence of an attack to
> changing the fundamental semantics of the URI scheme. And, that's what a
> MITM proxy is -- it's not legitimate, it's not a recognised role, it's an
> attack. We shouldn't legitimise it.
>
> It is however massively widespread. Its not 'attack' in the sense of
> 'well, someone /might do this/', its an attack in the sense of 'well I
> get my IP address at work via DHCP'.
>
> -Rob
>
>

Received on Monday, 6 August 2012 22:22:00 UTC