W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2014

Re: HTTP/2 vs. proxies ?

From: Adrien de Croy <adrien@qbik.com>
Date: Tue, 24 Jun 2014 05:00:17 +0000
To: "Amos Jeffries" <squid3@treenet.co.nz>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-Id: <em812f4ff4-d6dc-4169-abaf-68528dd0dcb0@bodybag>

wiretapping is yet another issue.  The difference between a government 
agency wiretap, and a commercial organisation's MITM proxy, is that one 
is covert, and the other can usually be overt.

I thought the basis of the decisions / conclusions about wiretapping in 
2804 were related to the issues around covert wiretapping and government 
agency directives, rather than overt interception for other purposes.

If we had a proper mechanism to allow overt with opt-in consent for 
interception, would 2804 even apply?




------ Original Message ------
From: "Amos Jeffries" <squid3@treenet.co.nz>
To: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Sent: 24/06/2014 4:09:52 p.m.
Subject: Re: HTTP/2 vs. proxies ?

>On 24/06/2014 10:43 a.m., Peter L wrote:
>>  I agree. But I think increased MITM will be an unintended 
>>consequence.
>
>AIUI, the editors have decided to go ahead in compliance with RFC2804 
>by
>ignoring the considerations for wiretapping.
>
>Sadly the choice of ignoring seems to implicitly mean that the spec 
>does
>not do anything to discourage the underlying factors driving 
>wiretapping
>interception of HTTP(S).
>
>Amos
>
>
Received on Tuesday, 24 June 2014 05:00:52 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:31 UTC