Re: Semantics of HTTPS

+1 to Karl's comments; they address the fundamentals here. The basic 
concept being proposed is understandable (especially in the context of 
virus filtering), but it's a door that shouldn't be opened for https 
schemed urls. Beyond the "power" issue is the likelihood that such a 
configuration would be gamed through social engineering.


On 8/6/2012 5:59 PM, Karl Dubost wrote:
> On 6 August 2012 at 17:41, Willy Tarreau wrote:
>> I'm not advocating MITM, quite the opposite: I'm advocating valid use of proxies via opt-in to put an end to MITM.
> * I can understand the why for proposing a validation of this usage.
> * I can also see why many businesses will start to propose this as the default feature for users without a real choice for them.
> There are plenty of EULAs already that users sign up to without reading because the « power » is on the side of the service. I'm not sure it is a good idea to push further in that direction without proposing a real secure end-to-end mechanism in the platform.

Received on Tuesday, 7 August 2012 00:58:29 UTC