- From: Amos Jeffries <squid3@treenet.co.nz>
- Date: Tue, 10 Dec 2013 18:43:55 +1300
- To: ietf-http-wg@w3.org

On 10/12/2013 3:02 p.m., Stephen Farrell wrote:
>
>
> On 12/10/2013 01:45 AM, William Chan (陈智昌) wrote:
>> Just so we're clear, the common methods already in use impact all
>> consumers of TLS, not just browsers. They're getting added to the
>> system certificate store, so they affect all applications. But the
>> primary reason that it gets installed in the system certificate store
>> is because these proxies want to MITM browser connections.
>
> Right. And if vendors, operators or users do that that's their
> responsibility. But if we do/endorse that, then we (the IETF)
> have to bear some responsibility for other uses of TLS or we're
> not doing our job. At least to the level of knowing what might
> be broken, but even that's a huge job. So I really think the
> HTTP proxy issue is best addressed via HTTP mechanisms to be
> honest.
>

And there is the rub. You see there are no HTTP mechanisms until the TLS
has been MITM'd away.

Amos

Received on Tuesday, 10 December 2013 05:44:24 UTC