- From: Eliot Lear <lear@cisco.com>
- Date: Mon, 26 Aug 2013 12:02:27 +0200
- To: Mark Nottingham <mnot@mnot.net>
- CC: "William Chan (陈智昌)" <willchan@chromium.org>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>

Hi Mark:

> We have a lot of things to discuss around what that profile looks like; e.g., whether cert validation should take place. Since the negotiation mechanism itself is vulnerable to a downgrade attack, and since HTTP URIs don't have a strong security semantic, it may be reasonable to assume that certs for HTTP URIs shouldn't be validated -- which would ease deployment considerably. Like I said, though, there will need to be a lot of discussion.

And we discussed this in Paris and rejected it for all the reasons we are now revisiting. And in Paris what we discussed was the fact that this will not solve Mike and Roberto's new feature deployment problem on port 80, precisely because of the downgrade attack issue.

The other issue left is the Starbucks snooping problem, and I still claim that is better addressed at other layers.

Finally there is the snooping that goes on in the middle of the network, which you raised at the meeting. I don't think this will solve that problem either, but it may cause middlebox vendors to sell some additional features to their service providers, based on government mandates.

I would suggest that a better focus is still honest-to-goodness easing of end-to-end authentication issues. This is where the hard work needs to happen, and it will also facilitate dealing with the fundamental issues you've raised concerns about. This, to me, is the high order bit.

Eliot

Received on Monday, 26 August 2013 10:03:01 UTC