W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2012

Re: Re[2]: HTTP/2.0 goal: polcy enforcement

From: Poul-Henning Kamp <phk@phk.freebsd.dk>
Date: Mon, 26 Mar 2012 06:02:58 +0000
To: "Adrien W. de Croy" <adrien@qbik.com>
cc: "Adam Barth" <w3c@adambarth.com>, "HTTP Working Group" <ietf-http-wg@w3.org>
Message-ID: <1989.1332741778@critter.freebsd.dk>
In message <em09ef4353-30f0-4c3a-bd0b-f9912deb7be4@BOMBED>, "Adrien W. de Croy"

>I'm all for using TLS everywhere (apart from the load), but proxies 
>need access to raw payload.  That requirement isn't going away.

As bad as the idea might be in philosophical terms, it is a requirement
that must be handled.

On the other hand, there is an equally strong, if not stronger,
requirement to know for sure that nobody is doing MITM on a session.

I think a right-ish solution is to have a error-response that informs
the client that proxy-use is mandatory and gives the coordinates
for contacting the proxy.

The client gets a dialog box and can decide if they want to submit
to the proxys policy, or if they want to postpone their activites
until they can get end-to-end-privacy.

Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.
Received on Monday, 26 March 2012 06:03:24 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:01 UTC