W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2014

Re: Trusted proxy UI strawman

From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Date: Sun, 15 Jun 2014 20:48:55 +0100
Message-ID: <539DF8A7.6090406@cs.tcd.ie>
To: bizzbyster@gmail.com, Martin Thomson <martin.thomson@gmail.com>
CC: HTTP Working Group <ietf-http-wg@w3.org>


On 15/06/14 20:34, bizzbyster@gmail.com wrote:
> The whole idea of this proposal is to make it no different than
> today's MITM ...

I'm not sure that I'm exactly clear on what's proposed but in any case
the above is not at all attractive. I thought we had already had the
discussion here that ended up concluding that MITMing TLS is not the
way to try tackle an HTTP problem. The MITMing-TLS approach has been
proposed and rejected many times. If HTTP needs a proxy solution,
please aim to develop an HTTP solution and do not affect the many other
protocols and applications within and beyond the IETF that depend on
TLS and that do not need an MITM. And that might not have a user or
browser or equivalent.

I mean we could repeat all that debate, but it seems better not to do
that to me at least.

S.
Received on Sunday, 15 June 2014 19:49:30 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:31 UTC