- From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
- Date: Tue, 10 Dec 2013 02:02:11 +0000
- To: "William Chan (陈智昌)" <willchan@chromium.org>
- CC: Mark Nottingham <mnot@mnot.net>, Adrien de Croy <adrien@qbik.com>, Roberto Peon <grmocg@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>
On 12/10/2013 01:45 AM, William Chan (陈智昌) wrote: > Just so we're clear, the common methods already in use impact all > consumers of TLS, not just browsers. They're getting added to the > system certificate store, so they affect all applications. But the > primary reason that it gets installed in the system certificate store > is because these proxies want to MITM browser connections. Right. And if vendors, operators or users do that that's their responsibility. But if we do/endorse that, then we (the IETF) have to bear some responsibility for other uses of TLS or we're not doing our job. At least to the level of knowing what might be broken, but even that's a huge job. So I really think the HTTP proxy issue is best addressed via HTTP mechanisms to be honest. S.
Received on Tuesday, 10 December 2013 02:02:46 UTC