Re: HTTPS, proxying, and all that...

On 01/11/2013 07:20 PM, Poul-Henning Kamp wrote:
> --------
> In message <CAKRe7JHidJN9rnp9fM_7aevR9opZ7P4GnMT+2C3tdoFqLg6ShQ@mail.gmail.com>
> , Ilya Grigorik writes:
> 
>> How does this impact the "long term reality of HTTP/2.0"?
> 
> Quite simple:
> 
> Right now HTTPS is designed to implement end-to-end crypto, but while
> that is a nice ideal, 

That's not an ideal. It's how HTTPS is designed. I don't think
anyone thought then or now that HTTPS was an idealistic
endeavour.

> it is not possible for IETF to enforce this in
> practice.  

The IETF doesn't enforce anything like this, nor try to, nor
want to try to.

If someone abuses our protocols (which from reports is what
seems to have happened here) there's nothing we can do to
stop them. I would expect that the market and increasing
security awareness might do that. For example, I'd be quite
surprised if any banks were particularly happy to see these
recent reports.

We can and are working on ways to allow for better detection
of such MITM attacks, but that's different.

> The result is that people circumvent the design of HTTPS,
> with a host of security issues as a result of broken design assumptions.
> 
> HTTP/2.0 should be designed so that such intrusions of the "end-to-end
> argument" do not cause more than the minimally necessary loss of
> security.

Feel free to document a design that is not trivially insecure
and that's acceptable to e.g. the likes of banks and educated
end users and the IETF as a whole. FWIW, I've never seen such
a design. All I've seen so far is the precursor arm-waving for
such a design;-)

You can require that a circle be squared as much as you
like and complain when that doesn't happen, but that's not
particularly helpful IMO.

> Or if you will: "Graceful degradation"

I look forward to reading your I-D.

Stephen.

Received on Friday, 11 January 2013 19:44:45 UTC