Re: Trusted proxy UI strawman

From: Martin Nilsson <nilsson@opera.com>
Date: Sun, 15 Jun 2014 22:34:16 +0200
To: ietf-http-wg@w3.org
Message-ID: <op.xhijferqiw9drz@beryllium.bredbandsbolaget.se>

On Sun, 15 Jun 2014 21:48:55 +0200, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:

> I'm not sure that I'm exactly clear on what's proposed but in any case
> the above is not at all attractive. I thought we had already had the
> discussion here that ended up concluding that MITMing TLS is not the
> way to try tackle an HTTP problem. The MITMing-TLS approach has been
> proposed and rejected many times.

The problem is that it hasn't been rejected in practice. There are a lot  
of root certificates installed on the client side to facilitate  
MITM-TLS-proxies. This is not good.

TLS aims to make communication with the highest degree of
confidentiality and integrity possible. That is good. Unfortunately it is
entirely binary, so if an intermediary wants to do anything with the  
traffic, block specific URLs or add additional headers, it has to drop the  
security to zero. That is not good.

/Martin Nilsson

Received on Sunday, 15 June 2014 20:34:47 UTC