Re: Semantics of HTTPS

On 09/13/2012 02:47 PM, Phillip Hallam-Baker wrote:
> 3) Provide a comprehensive mechanism that is conditioned on informed
> consent.

I'm not at all sure that this option is even feasible for https.

There is a 4th option: leave the e2e semantics as-is and write an
RFC called "HTTPS MITM considered harmful" that explains the
issues and trade-offs and says why we don't want to standardise
that (mis)behaviour.


Received on Thursday, 13 September 2012 14:57:13 UTC