> What I've been saying (repeatedly, sorry:-) is that if a
> solution for inbound malware scanning or similar is developed
> for HTTP, then that needs to be done without breaking TLS, and
> that standardising a generic MITM attack on TLS would mean
> breaking TLS, which is used by many more protocols than just

If properly specced it won't break TLS any more than sending mail to through (that does malware scanning) breaks TLS
(though being able to do it with message encryption again, like in mail,
would be great)

The whole problem here is that browsers and web sites got used to thinking
of https as end-to-end when the http protocol is explicitly hop-by-hop,
and when the hop-by-hop nature of http reasserts itself they see it as an
attack they try to "fix" instead of faulty expectations.

Nicolas Mailhot

