Phillip Hallam-Baker wrote:
>
> What I find wrong with the MITM proxies is that they offer a
> completely transparent mechanism. The user is not notified that they
> are being logged. I think that is a broken approach because the whole
> point of accountability controls is that people behave differently
> when they know they are being watched.

MITM proxies are bad in several ways. Not only are they trying to hide (by faking server certs), they also break client-cert authentication, interfere with TLS channel bindings and will break other approaches that intend to fix the shortcomings of the Browser's TLS X.509 PKI trust model.

-Martin

_______________________________________________
therightkey mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/therightkey
