- From: 陈智昌 <willchan@chromium.org>
- Date: Mon, 6 Aug 2012 15:28:10 -0700
- To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
- Cc: Willy Tarreau <w@1wt.eu>, Mark Nottingham <mnot@mnot.net>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
- Message-ID: <CAA4WUYjt9NTcqkasvR7xY9csyUa_Wbqk+jWxO40ykmLZ-SGuWw@mail.gmail.com>
+1

On Monday, August 6, 2012, Stephen Farrell wrote:

>
> FWIW, I strongly agree with Mark on this. I'm sure that the
> other SEC AD agrees too, and reckon that the SEC area as a
> whole would also agree, but we can ask if that becomes useful.
> A bit more below.
>
> On 08/06/2012 10:23 PM, Willy Tarreau wrote:
> > On Mon, Aug 06, 2012 at 04:16:48PM -0500, Mark Nottingham wrote:
> >>
> >> On 06/08/2012, at 4:14 PM, Willy Tarreau <w@1wt.eu> wrote:
> >>
> >>>> Right. That's a big change from the semantics of HTTPS today, though; right
> >>>> now, when I see that, I know that I have end-to-end TLS.
> >>>
> >>> No, you *believe* you do, you really don't know. That's clearly the problem
> >>> with the way it works, man-in-the-middle proxies are still able to intercept
> >>> it and to forge certs they sign with their own CA and you have no way to know
> >>> if your communications are snooped or not.
> >>
> >> It's a really big logical leap from the existence of an attack to changing
> >> the fundamental semantics of the URI scheme. And, that's what a MITM proxy is
> >> -- it's not legitimate, it's not a recognised role, it's an attack. We
> >> shouldn't legitimise it.
> >
> > That's clearly what I'm suggesting : offer a clean way to have a proxy inspect
> > contents with the users' consent in the browser policy (using GET https://) or
> > ask for a tunnel to be established, assuming it should be end-to-end. There
> > will be no more solution than today to detect there's an MITM, but at least
> > there will be far less incentive for product authors to do that if it's only
> > for a handful of trustable websites.
> >
> > At the moment the state of affairs has created MITM proxies and we'd better
> > get rid of them by offering a solution to the problem they try to solve.
>
> The tls WG was offered that option again last week and rejected it
> again. If the httpbis WG want to standardise some kind of mitm without
> changing TLS then that seems to re-define https to me at least.
>
> Even though mitm hacks exist and people pay for them, the IETF has
> actively and repeatedly refused to standardise that behaviour.
>
> Cheers,
> S.
>
> >
> > Willy
> >

Received on Monday, 6 August 2012 22:28:37 UTC