- From: Eric Rescorla <ekr@rtfm.com>
- Date: Tue, 30 Jan 2018 12:17:37 -0800
- To: Jana Iyengar <jri@google.com>
- Cc: Jeffrey Yasskin <jyasskin@google.com>, HTTP Working Group <ietf-http-wg@w3.org>
- Message-ID: <CABcZeBMyXDHk4h7N9J7V7iB8yxa_iSY=44bpjOWnQE5WcCsCqw@mail.gmail.com>
On Tue, Jan 30, 2018 at 11:50 AM, Jana Iyengar <jri@google.com> wrote: > I'm watching from the sidelines, but a clarification question: > > Thanks for taking a look at this. However, I don't think it really >> addresses the concern that I raised, which is not solely about talking to >> the origin but about having a digital signature from the origin server >> substitute for an HTTPS connection to the origin. >> > > In the current world, client does DNS lookup, establishes a TCP > connection, creates a secure channel to an authenticated origin, and gets > content from it over this channel. > Yes. Per my understanding, the proposal here basically removes the DNS lookup + > TCP connection to the origin, but creates a secure channel to an > authenticated proxy, and separately authenticates content that it gets from > it. > Well, the proxy is largely irrelevant here, as the client has no particular relationship with it. From a security perspective, the client gets some content from a random location and trusts it because it's digitally signed by the origin server. The client would previously have authenticated the channel to the origin > and gotten any content from it. In this proposal, a client does a TLS > handshake to secure the channel to the proxy, and then authenticates > content that comes over it. Is this understanding correct? If so, it > *seems* equivalent security to HTTPS. > I don't think that's true. At *most* it provided data origin authentication/integrity (feel free to argue non-repudiation, but that's not really relevant here). It doesn't provide confidentiality to the origin server at all. -Ekr
Received on Tuesday, 30 January 2018 20:18:40 UTC