- From: Amos Jeffries <squid3@treenet.co.nz>
- Date: Wed, 2 Dec 2015 03:30:18 +1300
- To: ietf-http-wg@w3.org

On 1/12/2015 8:51 p.m., Walter H. wrote:
> On 01.12.2015 00:15, Roland Zink wrote:
>>
>> TLS is also end-to-end
> when you think of one end encrypting and one end decrypting, then yes;
> but nowhere is it said that one end is any server sending the data
> and the other end is the client receiving the data ...
>>
>> I don't understand the problem. The message is sent from server A
>> through server B to recipient C. B can't read the message. As long as
>> C can determine the message is from A (and not B) this is the same as
>> with TLS, isn't it?
> and exactly this is the problem; C can't determine where the message
> comes from ...
> or do you really think there exist such stupid webadmins that publish
> encrypted data which they can't decrypt for themselves?
>

Yes, such admins exist. And no, they are not stupid. See the use-case I presented a short while ago to your other email as one example of such an admin.

It is also not uncommon to have admins on our proxy help mailing lists post attachments with packet captures and such details, some of which contain encrypted traffic. Neither the admin posting the message nor myself nor any other reader of the list necessarily has the keys to decrypt it, but the reason it's posted is to replicate accurately some problem with the proxy handling certain byte sequences that come up. For example, an off-by-1 error parsing the T-E:chunked framing of the wrapper message that crypted object was sent in, when the error only occurs rarely and randomly on certain objects.

Amos

Received on Tuesday, 1 December 2015 14:30:54 UTC