Explicit Proxy [was: A proposal]

From: Mark Nottingham <mnot@mnot.net>
Date: Wed, 20 Nov 2013 13:07:46 +1100
Cc: HTTP Working Group <ietf-http-wg@w3.org>, Roy Fielding <fielding@gbiv.com>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, Poul-Henning Kamp <phk@phk.freebsd.dk>, Mike Belshe <mike@belshe.com>
Message-Id: <1E9F54E3-E939-4260-B007-BF92FD109BCB@mnot.net>
To: Willy Tarreau <w@1wt.eu>

Hi Willy,

On 20/11/2013, at 12:41 PM, Willy Tarreau <w@1wt.eu> wrote:
> 
> So let's loop back to one of the very old points about tls+auth for
> proxies. This will significantly improve the ability to use anonymisers
> and to use them safely. Without even the SNI or destination address
> being useful (right now the SNI is carried over clear text even
> through proxies).
> 
> That way we can have end users safely connect to well known anonymisers
> without anyone being able to get anything from that conversation, to
> the same extent as what the pro-TLS guys expect from full TLS to
> servers.
> 
> I know it has been discussed many times in the past, but let's bring
> that again on the table so that "people don't die anymore". Secure,
> trusted proxies are *the* solution to solve the privacy issues that
> make some people insist so much on having TLS. Let's just have it
> towards the right place.


Explicit proxy is tracked here: <https://github.com/http2/http2-spec/issues/316>. 

I've heard a significant amount of interest in this, especially at and after Vancouver, and think we'll see more proposals soon.

Cheers,


--
Mark Nottingham   http://www.mnot.net/
Received on Wednesday, 20 November 2013 02:08:09 UTC