|
Jumping down a bit, to what I think is the point... On 12/9/13 10:56 PM, Stephen Farrell
wrote:
Eliot, On 12/09/2013 07:47 PM, Eliot Lear wrote: By itself s/where possible/where practical/ might be ok, but given that your interpretation of "where practical" appears to call for allowing TLS MITM attack boxes Where did THAT come from? I never made any such statement or even alluded to such an idea. We have developed an entire ecosystem that was predicated on encryption NOT being in certain places. If we can do better while not destroying people's ability to operationally manage their network, great. But I never went into mechanism. What's more: As I said before the httpbis WG are working through the complex and involved issues related to HTTP and TLS and proxies. Do you expect this to short-circuit that WG's efforts? And why would my particular opinion of that be interesting here? Seriously I've no idea what answer you expect there as to "how far" *I* "would go to mitigate". Quite the opposite, I am concerned that we do not understand the implications of what happens to a document when it comes out of a working group and hits the IESG. Will operational realities still apply? That's why I want to know your thinking in an EXAMPLE I gave (not for doing the HTTP WG's work - they should be left to do it). And you seem to be unwilling to answer that question. Eliot |