Re: I revised the pro/contra document

On 11/24/2013 07:15 PM, Mike Belshe wrote:
>> > But starting from an approach that assumes you can break TLS to
>> > solve an HTTP problem would be sheer folly. It's been tried and
>> > failed. If it's tried again it'll fail again.
>> >
> You're not being practical.  If we don't make it work explicitly, companies
> are going to roll it out with MITM anyway.  They care more about IP
> protection than the additional risk they take on by breaking the TLS stream.

Please see my earlier mail on how many other things would
be broken should we stupidly break TLS for this. [1] And
then go ask all those other folks who depend on TLS what
they think is practical.

As I've said, doing HTTP scanning or filtering *in* HTTP
seems reasonable in some cases. Breaking TLS to meet that
requirement does not. And breaking TLS is just not needed
if real work on proxies gets done, but I don't know if the
WG will do that or not.



Received on Sunday, 24 November 2013 19:27:41 UTC