W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: Explicit Proxy [was: A proposal]

From: Mike Belshe <mike@belshe.com>
Date: Tue, 19 Nov 2013 19:23:33 -0800
Message-ID: <CABaLYCsCgSyR3P0hwkiKVXRMJGzWRP1Hb6ofziWSYwgJ+accDg@mail.gmail.com>
To: Mark Nottingham <mnot@mnot.net>
Cc: Willy Tarreau <w@1wt.eu>, HTTP Working Group <ietf-http-wg@w3.org>, Roy Fielding <fielding@gbiv.com>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, Poul-Henning Kamp <phk@phk.freebsd.dk>
I wrote up some high level concepts around this in 2011 which may be of
interest:
https://www.belshe.com/2011/11/17/spdy-of-the-future-might-blow-your-mind-today/

I think these are still relevant.

Mike





On Tue, Nov 19, 2013 at 6:07 PM, Mark Nottingham <mnot@mnot.net> wrote:

> Hi Willy,
>
> On 20/11/2013, at 12:41 PM, Willy Tarreau <w@1wt.eu> wrote:
> >
> > So let's loop back to one of the very old points about tls+auth for
> > proxies. This will significantly improve the ability to use anonymisers
> > and to use them safely. Without even the SNI or destination address
> > being useful (right now the SNI is carried over clear text even
> > through proxies).
> >
> > That way we can have end users safely connect to well known anonymisers
> > without anyone being able to get anything from that conversation, to
> > the same extents as what the pro-TLS guys expect from full TLS to
> > servers.
> >
> > I know it has been discussed many times in the past, but let's bring
> > that again on the table so that "people don't die anymore". Secure,
> > trusted proxies are *the* solution to solve the privacy issues that
> > make some people insist so much on having TLS. Let's just have it
> > towards the right place.
>
>
> Explicit proxy is tracked here: <
> https://github.com/http2/http2-spec/issues/316>.
>
> I've heard a significant amount of interest in this, especially at and
> after Vancouver, and think we'll see more proposals soon.
>
> Cheers,
>
>
> --
> Mark Nottingham   http://www.mnot.net/
>
>
>
>
Received on Wednesday, 20 November 2013 03:24:01 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:19 UTC