Re: Semantics of HTTPS

It did not make sense there when HTTPS is treated as the URN instead of the
URI, but it did make sense if direct use of the URI indicates no proxy,
end-to-end.

On Monday, August 6, 2012, Robert Collins wrote:

> On Tue, Aug 7, 2012 at 9:16 AM, Mark Nottingham <mnot@mnot.net<javascript:;>>
> wrote:
> > It's a really big logical leap from the existence of an attack to
> changing the fundamental semantics of the URI scheme. And, that's what a
> MITM proxy is -- it's not legitimate, it's not a recognised role, it's an
> attack. We shouldn't legitimise it.
>
> It is however massively widespread. Its not 'attack' in the sense of
> 'well, someone /might do this/', its an attack in the sense of 'well I
> get my IP address at work via DHCP'.
>
> -Rob
>
>

Received on Monday, 6 August 2012 22:22:00 UTC