- From: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Date: Tue, 07 Aug 2012 06:13:14 +0000
- To: Mark Nottingham <mnot@mnot.net>
- cc: Willy Tarreau <w@1wt.eu>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>

In message <0697836F-C4AD-4D89-AB5E-2C83B16A91AF@mnot.net>, Mark Nottingham writes:

>It's a really big logical leap from the existence of an attack to
>changing the fundamental semantics of the URI scheme. And, that's what a
>MITM proxy is -- it's not legitimate, it's not a recognised role, it's
>an attack. We shouldn't legitimise it.

As I have said earlier: Many of these deployments have grounds in valid legal requirements, and they only happen to become MITM because the TLS protocol offers no other alternative.

The problem is that TLS does not offer support for intermediaries, and people work around that lack of support when the law says they must.

--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.

Received on Tuesday, 7 August 2012 06:13:40 UTC