Re: A proposal

From: Willy Tarreau <w@1wt.eu>
Date: Wed, 20 Nov 2013 02:41:10 +0100
To: Mark Nottingham <mnot@mnot.net>
Cc: HTTP Working Group <ietf-http-wg@w3.org>, Roy Fielding <fielding@gbiv.com>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, Poul-Henning Kamp <phk@phk.freebsd.dk>, Mike Belshe <mike@belshe.com>
Message-ID: <20131120014110.GD22150@1wt.eu>

On Wed, Nov 20, 2013 at 12:25:58PM +1100, Mark Nottingham wrote:
> Gentlemen,
> 
> This thread is off-topic for this list, as per
> <http://www.w3.org/mid/21ACB8E5-BC29-4725-8333-7B96E3364AE9@mnot.net>. Please
> focus on proposing text for the spec.

You're perfectly right, Mark.

And I think that Roy provided a few very very good points. In
order to add some privacy, we need to make it easier and safer
to use proxies.

So let's loop back to one of the very old points about tls+auth for
proxies. This will significantly improve the ability to use anonymisers
and to use them safely. Without even the SNI or destination address
being useful (right now the SNI is carried over clear text even
through proxies).

That way we can have end users safely connect to well known anonymisers
without anyone being able to get anything from that conversation, to
the same extent as what the pro-TLS guys expect from full TLS to
servers.

I know it has been discussed many times in the past, but let's bring
that to the table again so that "people don't die anymore". Secure,
trusted proxies are *the* solution to solve the privacy issues that
make some people insist so much on having TLS. Let's just have it
towards the right place.

Willy
Received on Wednesday, 20 November 2013 01:41:42 UTC