- From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
- Date: Sun, 24 Nov 2013 19:27:11 +0000
- To: Mike Belshe <mike@belshe.com>
- CC: Yoav Nir <synp71@live.com>, Tim Bray <tbray@textuality.com>, Mike Bishop <Michael.Bishop@microsoft.com>, Alexandre Anzala-Yamajako <anzalaya@gmail.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>

On 11/24/2013 07:15 PM, Mike Belshe wrote:

>
>> > But starting from an approach that assumes you can break TLS to
>> > solve an HTTP problem would be sheer folly. It's been tried and
>> > failed. If it's tried again it'll fail again.
>> >
>
> You're not being practical. If we don't make it work explicitly, companies
> are going to roll it out with MITM anyway. They care more about IP
> protection than the additional risk they take on by breaking the TLS stream.

Please see my earlier mail on how many other things would be broken should we stupidly break TLS for this. [1] And then go ask all those other folks who depend on TLS what they think is practical.

As I've said, doing HTTP scanning or filtering *in* HTTP seems reasonable in some cases. Breaking TLS to meet that requirement does not. And breaking TLS is just not needed if real work on proxies gets done, but I don't know if the WG will do that or not.

S.

[1] http://lists.w3.org/Archives/Public/ietf-http-wg/2013OctDec/0906.html

Received on Sunday, 24 November 2013 19:27:41 UTC