Re: SSL/TLS everywhere fail

On Thu, Dec 3, 2015 at 2:26 PM, Alex Rousskov <
rousskov@measurement-factory.com> wrote:

> It could be this
> WG job to design protocols and deployment recommendations that make
> monitoring easy to integrate, discover, and either consent to or reject.
>

The working group is constrained to work within the limits set out in
general IETF policy.  In this case, that is RFC 2804.

Look particularly at section 3.  As you will note from that, there are
certainly middleboxes which are within scope (configured HTTP proxies among
them).  But there are others which are not.  I know of no interception
proxy requiring a newly installed root CA which would fit within the
current policy, but I'm willing to be informed should there be one.  But
the common case is clearly outside the scope of the engineering efforts
appropriate to the IETF, according to our current policies.

regards,

Ted

Received on Friday, 4 December 2015 00:38:59 UTC