- From: patrick mcmanus <pmcmanus@mozilla.com>
- Date: Mon, 06 Aug 2012 20:58:04 -0400
- To: ietf-http-wg@w3.org
+1 to Karl's comments; they address the fundamentals here. The basic concept being proposed is understandable (especially in the context of virus filtering), but its a door that shouldn't be opened for https schemed urls. Beyond the "power" issue is the likelihood that such a configuration would be gamed through social engineering. -Patrick On 8/6/2012 5:59 PM, Karl Dubost wrote: > Le 6 août 2012 à 17:41, Willy Tarreau a écrit : >> I'm not advocating MITM, quite the opposite : I'm advocating valid use of proxies via opt-in to put an end to MITM. > * I can understand the why for proposing a validation of this usage. > > * I can also see why many businesses will start to propose this as the default feature for users without a real choice for them. > > > There are plenty of EULA already that users sign-up without reading because the « power » is on the side of the service. I'm not sure it is a good idea to push further in that direction without proposing a real secure end to end mechanism in the platform. > >
Received on Tuesday, 7 August 2012 00:58:29 UTC