Re: Semantics of HTTPS

In message <20120913115049.GC4074@1wt.eu>, Willy Tarreau writes:

>If my browser tells me "You asked me to securely connect to this site,
>but the proxy refuses. I can only securely connect to the proxy which

Insert here: "claims it"

>will securely connect to the site, and will be able to see and modify
>all your exchanges on your behalf. Are you sure you still want to connect?"
>then I know what I'm going to decide based on which site I want to visit.

In practice I expect browsers will grow some kind of "always trust
this proxy" checkbox, and that it will become an obvious attack vector.

>The technical point is if we permit the secure end to start at the proxy,
>then we need to ensure that what is announced to the user is what is
>going to be performed.

Precisely.

One thing that worries me is that there may be more than one proxy
in the chain that wants its fingers in the pie (dept, bigcorp, govt.)
and the notice/accept method needs to cope with that.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.

Received on Thursday, 13 September 2012 14:07:43 UTC