W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2013

Re: Comments on Explicit/Trusted Proxy

From: Albert Lunde <atlunde@panix.com>
Date: Thu, 02 May 2013 10:17:17 -0500
Message-ID: <5182837D.6040102@panix.com>
To: HTTP Working Group <ietf-http-wg@w3.org>
On 5/2/2013 9:57 AM, Stephen Farrell wrote:
>
>
> On 05/02/2013 03:53 PM, Peter Lepeska wrote:
>> It's no different than today. If you have a root CA installed on the end users machine, you can MITM the bank. Under this scheme, there will be some proxies that will elect to not MITM traffic from content providers that explicitly opt-out.
>
> Right. All web servers have to trust all the proxies in the universe.
> Seems like a show-stopper to me.
 >
>> In general, adding support for an SSL proxy should not decrease the
>> level of security from MITM attacks that we have today. It just allows
>> well-behaving ones to A) not have to forge certificates, B) remove the
>> problem of transitive trust, and C) make content servers aware and give
> them the ability to opt-out.
>
> Standardising that would IMO seriously decrease the level of
> security we have.

I'd say it's better to trust a known proxy than to be in the typical 
captive portal situation where the portal in effect forges certificates 
to make you think everything is wonderful.

This is being done widely enough to suggest there is a use case.

What one would like is something that restricts what the proxy can do 
and identifies the proxy in a reliable way.

The other approach that sometimes works is some kind of VPN, but that 
may be out of scope...

-- 
     Albert Lunde  albert-lunde@northwestern.edu
                   atlunde@panix.com  (address for personal mail)
Received on Thursday, 2 May 2013 15:17:46 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:12 UTC