Re: Semantics of HTTPS

I haven't seen any more discussion of this. 

Being that both the TLS WG Chair and at least one security AD have both unambiguously said that it should be considered an e2e protocol (please correct if I'm wrong), we return to the original question --

Should we state that the HTTPS URI scheme implies end-to-end security (i.e., between the user-agent and the origin server)?

Regards,


On 26/08/2012, at 11:51 AM, Eric Rescorla <ekr@rtfm.com> wrote:

> On Mon, Aug 6, 2012 at 3:39 PM, Adrien W. de Croy <adrien@qbik.com> wrote:
>> Anyone here from the TLS WG able to comment on whether there are plans to
>> combat MITM in this respect?  It's interesting to see the comment about
>> recent TLS WG rejection of support for inspection.
> 
> As TLS WG Chair:
> 1. As Stephen says, the TLS WG saw a presentation about explicit support
> for proxies and there was very little support in the room for that idea. This
> isn't to say that some future version of this idea would not be accepted,
> but there are no current plans in this area.
> 
> 2. RFC 2818 was a TLS WG item, so any updates to that would really need
> to be done by the TLS WG.
> 
> -Ekr

--
Mark Nottingham   http://www.mnot.net/

Received on Thursday, 13 September 2012 05:06:58 UTC