- From: Richard Wheeldon (rwheeldo) <rwheeldo@cisco.com>
- Date: Fri, 20 Jun 2014 00:46:53 +0000
- To: Adrien de Croy <adrien@qbik.com>, Barry Leiba <barryleiba@computer.org>, Peter Lepeska <bizzbyster@gmail.com>
- CC: HTTP Working Group <ietf-http-wg@w3.org>
> I think any efforts to block out the possibility for intermediaries to inspect and modify traffic in HTTP would be wasted. Nor is it desirable, IMHO. There's an implicit assumption in the idea that proxies shouldn't interfere that the that endpoints (hosts or servers) are themselves trustworthy. Whilst this might be the majority case, it's certainly not universally true by a long way. Take for example the Microsoft stats on infected hosts: http://www.microsoft.com/eu/on-the-issues/article/windows-xp-losing-pace-in-the-eu.aspx or those which are running with limited protection: http://www.microsoft.com/security/sir/story/default.aspx#!why_upgrade or any amount of evidence into the volumes of Windows and Android malware. In many cases the network is going to be in a better state than the endpoint, Richard
Received on Friday, 20 June 2014 00:47:33 UTC