[Cryptography] [cryptography] STARTTLS for HTTP

John Levine johnl at iecc.com
Sun Aug 31 22:01:29 EDT 2014


>> Surely it would be no harder to get them to upgrade to SNI browsers,
>> which are widely available and interoperate with widely available
>> SNI servers, than to STARTTLS for HTTP which isn't implemented
>> anywhere.
>
>That's true, but again, you wouldn't necessarily need to update
>clients if it's strictly at the transport layer because the TLS could
>be terminated on a proxy.

If we get to stick proxies in the middle, we could set up a proxy that
got an incoming http request and attempted to proxy it to an https
request and threw away any certificate warnings.  How would that be
functionally different?

>Turning off certificate warnings for everything would disable
>authentication for everyone, including those who have obtained proper
>certificates.

Then twiddle the warnings so they just turn off the lock icon rather
than putting up a big scary page that 99% of users click through
anyway.

I really don't understand what problem we're trying to solve here.

R's,
John
