Re: Semantics of HTTPS

On 9/13/12 7:50 AM, "Willy Tarreau" <w@1wt.eu> wrote:

>On Thu, Sep 13, 2012 at 08:59:06PM +1000, Mark Nottingham wrote:
>> We're getting off track here -- this issue is about the semantics of the
>> HTTPS scheme, in the context of HTTPbis, not potential future work.
>
>OK but it was a proposal to address some people's concern that "https"
>means "end-to-end" to people while currently at more and more places
>this is not true anymore.
>
>So the idea was to address this specific concern (which is a UI concern
>in my opinion) by proposing a different scheme in the browser.
>
>It looks like it's not a good idea in the end considering some of the
>points that were made.
>
>Going back to https, PHK is right that ends should be clearly defined,
>at least to the user. In my opinion, https could be end-to-end where
>one end is the local proxy. All we're dealing with is a matter of trust,
>which is not a technical thing to debate on but a user choice.

This gets more complicated where mutual auth is employed and the
destination server does not want to authenticate the proxy, i.e. e2e
authentication. It'd be nice to have a means of allowing a client to
issue a (short-lived) proxy certificate to the proxy to use when
authenticating to the destination, enabling the destination server to
authenticate the client by checking the last non-proxy certificate in the
path.

>
>If my browser tells me "You asked me to securely connect to this site,
>but the proxy refuses. I can only securely connect to the proxy which
>will securely connect to the site, and will be able to see and modify
>all your exchanges on your behalf. Are you sure you still want to
>connect?"
>then I know what I'm going to decide based on which site I want to visit.
>
>The technical point is if we permit the secure end to start at the proxy,
>then we need to ensure that what is announced to the user is what is
>going to be performed.
>
>Regards,
>Willy

Received on Thursday, 13 September 2012 12:04:06 UTC
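
The path check described in the reply above (the destination authenticating the client via the last non-proxy certificate), sketched as an added example that is not part of the original message. It assumes RFC 3820-style naming (a proxy certificate's subject is its issuer's subject plus one component) and that signatures and the client certificate's own chain to a CA were verified elsewhere; `Cert`, `authenticated_client`, `constructed_chain` and the 12-hour limit are hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

MAX_PROXY_LIFETIME = timedelta(hours=12)  # assumed policy for "short lived"

@dataclass(frozen=True)
class Cert:
    """Stand-in for a parsed certificate whose signature was already verified."""
    subject: tuple        # RDN sequence, e.g. ("O=Example", "CN=alice")
    issuer: tuple
    not_before: datetime
    not_after: datetime
    is_proxy: bool        # True when the proxy-certificate marker is present

def authenticated_client(chain, now):
    """chain is leaf-first: what the proxy presented, then each issuer in turn.
    Returns the subject of the last non-proxy certificate or raises ValueError."""
    for i, cert in enumerate(chain):
        if not cert.not_before <= now <= cert.not_after:
            raise ValueError(f"certificate {i} is outside its validity window")
        if not cert.is_proxy:
            return cert.subject          # the client's own certificate
        if i + 1 == len(chain):
            break                        # proxy cert with no issuer in the path
        parent = chain[i + 1]
        if cert.issuer != parent.subject:
            raise ValueError(f"certificate {i} was not issued by the next one")
        if cert.subject[:-1] != parent.subject:
            raise ValueError(f"certificate {i} does not extend its issuer's name")
        if cert.not_after > parent.not_after:
            raise ValueError(f"certificate {i} outlives its issuer")
        if cert.not_after - cert.not_before > MAX_PROXY_LIFETIME:
            raise ValueError(f"certificate {i} is not short lived")
    raise ValueError("no non-proxy certificate in the path")

def constructed_chain(now):
    """Constructed sample: alice delegates to a proxy for one hour."""
    ca, alice = ("O=Example", "CN=Example CA"), ("O=Example", "CN=alice")
    client = Cert(alice, ca, now - timedelta(days=30), now + timedelta(days=335), False)
    proxy = Cert(alice + ("CN=proxy-1",), alice,
                 now - timedelta(minutes=5), now + timedelta(minutes=55), True)
    return [proxy, client]

if __name__ == "__main__":
    now = datetime(2012, 9, 13, 12, 0, tzinfo=timezone.utc)
    print(authenticated_client(constructed_chain(now), now))
```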