Re: [perpass] comments and questions for the group on draft-farrell-perpass-attack-02

2013-12-09 23:56:57
Jumping down a bit, to what I think is the point...

On 12/9/13 10:56 PM, Stephen Farrell wrote:
> Eliot,
>
> On 12/09/2013 07:47 PM, Eliot Lear wrote:
>
> By itself s/where possible/where practical/ might be ok, but given
> that your interpretation of "where practical" appears to call for
> allowing TLS MITM attack boxes

Where did THAT come from?  I never made any such statement or even
alluded to such an idea.  We have developed an entire ecosystem that was
predicated on encryption NOT being in certain places.  If we can do
better while not destroying people's ability to operationally manage
their network, great.  But I never went into mechanism.  What's more:

> As I said before the httpbis WG are working through the complex
> and involved issues related to HTTP and TLS and proxies. Do you
> expect this to short-circuit that WG's efforts? And why would my
> particular opinion of that be interesting here? Seriously I've no
> idea what answer you expect there as to "how far" *I* "would go
> to mitigate".

Quite the opposite, I am concerned that we do not understand the
implications of what happens to a document when it comes out of a
working group and hits the IESG.  Will operational realities still
apply?  That's why I want to know your thinking in an EXAMPLE I gave
(not for doing the HTTP WG's work - they should be left to do it).  And
you seem to be unwilling to answer that question.


Eliot