- From: Phillip Hallam-Baker <hallam@gmail.com>
- Date: Thu, 13 Sep 2012 11:22:54 -0400
- To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
- Cc: "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
Received on Thursday, 13 September 2012 15:23:30 UTC
On Thu, Sep 13, 2012 at 10:56 AM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:

> On 09/13/2012 02:47 PM, Phillip Hallam-Baker wrote:
> > 3) Provide a comprehensive mechanism that is conditioned on informed
> > consent.
>
> I'm not at all sure that this option is even feasible for https.
>
> There is a 4th option: leave the e2e semantics as-is and write an
> RFC called "HTTPS MITM considered harmful" that explains the
> issues and trade-offs and says why we don't want to standardise
> that (mis)behaviour.
>
> S

Isn't that what I proposed in 2? I would be willing to contribute to/work on that draft.

Option 3 is certainly possible but I would see it as a separate browser, let's call it PANOPTICON, for some reason all caps seem appropriate. This would be something that enterprises could install on their internal networks in environments where the intercept requirement applied.

--
Website: http://hallambaker.com/