My biggest issue with the transition to SSL has been the reduced security
it affords to M2M uses of HTTP. I used to be able to throw a firewall in
between two railway systems that filters messages by method and URI regex
to limit the damage one compromised system can do to the next system down
the line. These are already private networks so although the extra layer of
protection is welcome, it is not strictly necessary.

I'm still pondering the precise solution on this one. At present it seems
to be to offload the SSL to the firewall also and to install each system's
certificates on their firewalls instead of on their servers, and then do
another SSL hop to the servers using a different certificate. This seems
more or less reasonable so probably doesn't necessitate a protocol change,
but at least for the moment adds cost to the solution that wasn't
previously there. Many firewalls are capable of HTTP filtering but not of
SSL offload.

I guess the central use case here is "I don't want to read your messages. I
don't want to store them. I don't want a human to see them, but I want to
check to ensure they comply with policy" - a difficult one.
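
The method-and-URI-regex filter described in the post, as it might run on the firewall once SSL has been offloaded there. This is an added example, not part of the original post; the policy entries, paths and function names are constructed for illustration, and it only inspects the request line, storing nothing.

```python
import posixpath
import re
from urllib.parse import unquote

# Constructed allow-list of (method, URI regex); the paths are hypothetical.
POLICY = [
    ("GET", re.compile(r"/signals/[0-9]{1,6}/state")),
    ("POST", re.compile(r"/trains/[A-Z0-9]{4,8}/position")),
]


def normalise_path(target):
    """Return the decoded path of an origin-form target, or None if ambiguous."""
    if not target.startswith("/") or "#" in target:
        return None  # absolute-form, authority-form and "*" are not expected here
    raw = target.split("?", 1)[0]  # the query string is not part of this policy
    if "%2f" in raw.lower():
        return None  # an encoded slash changes segmentation once decoded
    path = unquote(raw)
    # Leftover "%" means double encoding; normpath differs for dot-segments,
    # doubled slashes inside the path and trailing slashes.
    if "%" in path or "\\" in path or posixpath.normpath(path) != path:
        return None
    return path


def decide(request_line):
    """Return "allow" or "deny" for one decrypted HTTP/1.1 request line."""
    fields = request_line.rstrip("\r\n").split(" ")
    if len(fields) != 3 or fields[2] != "HTTP/1.1":
        return "deny"
    method, target, _version = fields
    path = normalise_path(target)
    if path is None:
        return "deny"
    for allowed_method, pattern in POLICY:
        # fullmatch anchors both ends, so a decoded newline or suffix cannot slip past
        if method == allowed_method and pattern.fullmatch(path):
            return "allow"
    return "deny"  # default deny


if __name__ == "__main__":
    for line in ("GET /signals/42/state HTTP/1.1",
                 "GET /signals/42/%2e%2e/admin HTTP/1.1",
                 "DELETE /signals/42/state HTTP/1.1"):
        print(decide(line), line)
```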