- From: Patrick McManus <pmcmanus@mozilla.com>
- Date: Tue, 24 Jun 2014 11:35:17 -0400
- To: Peter Lepeska <bizzbyster@gmail.com>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>
- Message-ID: <CAOdDvNpK8G6Bpu20moJVS3NomuP_5C89TCt=90RfXTmvzRkkew@mail.gmail.com>
On Tue, Jun 24, 2014 at 10:43 AM, <bizzbyster@gmail.com> wrote:

> I wonder if the browser guys can weigh in on this. Martin, Patrick, Will,
> Rob? Others? Do you agree that our choices are as follows?
>
> 1) Do nothing. This is today's MITM with user installed CAs.
> 2) Some type of trusted proxy UI support that gives the user notification
> and control. Something similar to this:
> http://caffeinatetheweb.com/presentations/trusted_proxy.html#/.
> 3) Disable all mechanisms for HTTPS decryption by proxies (for instance,
> enforce pinned certs)
>

I think it's inevitable that different parties will make different choices and some of those choices won't be on your list. This is because there isn't a critical mass of people that have come together in order to agree to a path for this problem in this forum.

> Do you agree that #3 is not an option b/c browsers will immediately stop
> working for a large number of corporate users?
>

Some variation of #3 is definitely an option. They all have ups and downs.

> And that #2 is an improvement over #1 since it does not increase security
> vulnerability but gives user some visibility and control?
>

In some aspects it's better - but it's not strictly better. #1 is generally done with administrative control of the OS which is a protection #2 does not have. I'm not convinced that a "make my internet work" button qualifies as visibility or control or that consent can be meaningful in this context. I don't have an alternative.

> As others have pointed out, this may not actually be an HTTPbis protocol
> issue.
>

I agree that it is fruitless to be talking about it in this space which is why I haven't expended a lot of energy on it right now and don't intend to fill my days replying to the various threads.
This discussion will boil down to "I want my MITM model to do something noble vs I want two-party privacy" and each side sees massive potential for misuse of the other side's position (one side has spying/secret theft/tracking/big-data/security injection concerns, the other DLP, viruses, the detection of bit patterns prohibited by law, etc.; both have clear precedent in practice). This isn't to say there is or isn't trust among the players in this discussion but they of course won't be the only implementers at the end of the day.

-P
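The thread contrasts option 1 (a proxy CA installed in the client's root store, so the proxy's certificates validate like anyone else's) with option 3 (pinned certificates, which reject a proxy-minted certificate no matter which roots are trusted). The following Go program is an added illustration of that difference, not code from this message, the HTTP WG or any browser: it mints a constructed public root and a constructed "user-installed" proxy CA, issues a leaf for the same hostname from each, and runs ordinary path validation and an RFC 7469-style SPKI pin check over both. The CA names, the hostname `origin.example` and the pin set are all constructed for the example; everything else is the Go standard library.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"fmt"
	"math/big"
	"time"
)

// Outcome records the two client-side checks over the two leaves.
type Outcome struct {
	RealChainOK  bool // origin leaf chains to a trusted root
	ProxyChainOK bool // proxy leaf chains too, because its CA was installed (option 1)
	RealPinOK    bool // origin leaf matches the pinned SPKI hash
	ProxyPinOK   bool // proxy leaf matches the pin (option 3 requires this to be false)
}

func mustKey() *ecdsa.PrivateKey {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return key
}

func mustCert(der []byte, err error) *x509.Certificate {
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

// newCA mints a self-signed CA (constructed test material, not a real trust anchor).
func newCA(name string) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := mustKey()
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	return mustCert(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)), key
}

// newLeaf issues a server certificate for host under the given CA, with a fresh key.
func newLeaf(host string, ca *x509.Certificate, caKey *ecdsa.PrivateKey) *x509.Certificate {
	key := mustKey()
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	return mustCert(x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey))
}

// SPKIPin is the base64 SHA-256 of the SubjectPublicKeyInfo, the pin form RFC 7469 uses.
func SPKIPin(c *x509.Certificate) string {
	sum := sha256.Sum256(c.RawSubjectPublicKeyInfo)
	return base64.StdEncoding.EncodeToString(sum[:])
}

// chainOK is ordinary path validation for host against the client's root store.
func chainOK(leaf *x509.Certificate, host string, roots *x509.CertPool) bool {
	_, err := leaf.Verify(x509.VerifyOptions{DNSName: host, Roots: roots})
	return err == nil
}

// Scenario builds both CAs and both leaves and runs the checks described in the thread.
func Scenario() Outcome {
	const host = "origin.example" // constructed hostname
	publicCA, publicKey := newCA("Public Root CA (constructed)")
	proxyCA, proxyKey := newCA("Corporate Proxy CA (constructed)")
	realLeaf := newLeaf(host, publicCA, publicKey)
	proxyLeaf := newLeaf(host, proxyCA, proxyKey)

	// Option 1: the proxy CA is in the root store, so path validation alone
	// cannot distinguish the proxy-minted leaf from the origin's.
	roots := x509.NewCertPool()
	roots.AddCert(publicCA)
	roots.AddCert(proxyCA)

	// Option 3: the client also pins the origin's SPKI; a leaf under any other
	// key fails regardless of which roots are trusted.
	pins := map[string]bool{SPKIPin(realLeaf): true}

	return Outcome{
		RealChainOK:  chainOK(realLeaf, host, roots),
		ProxyChainOK: chainOK(proxyLeaf, host, roots),
		RealPinOK:    pins[SPKIPin(realLeaf)],
		ProxyPinOK:   pins[SPKIPin(proxyLeaf)],
	}
}

func main() {
	fmt.Printf("%+v\n", Scenario())
}
```

Running it shows both leaves passing path validation once the proxy CA is trusted, and only the origin's leaf passing the pin check; that asymmetry is why the message treats pinning as a variant of "disable HTTPS decryption by proxies" and why it breaks for users behind such a proxy rather than degrading gracefully.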
Received on Tuesday, 24 June 2014 15:35:45 UTC