- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Mon, 25 Nov 2013 14:13:34 -0800
- To: Peter Lepeska <bizzbyster@gmail.com>
- Cc: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Adrien de Croy <adrien@qbik.com>, Tim Bray <tbray@textuality.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
On 25 November 2013 13:09, Peter Lepeska <bizzbyster@gmail.com> wrote: > I think we need to come up with a protocol-supported way to solve the > problems of trusted proxies without modifying TLS. Isn't it the case that we want to limit the amount of trust that we bestow upon our favourite intermediary? If this truly were a 100% trusted intermediary, then we'd already be done here. TLS hop-by-hop is enough for that. I don't think that is where all this time is going. I think that all this discussion is getting all knotted over is what we want to allow intermediaries to do. What set of capabilities can be offered to an intermediary that would induce it to reduce the scope of its powers? It has been suggested that the powers of stealth be denied. That sounds reasonable, but I always stumble at the UX story there. The power of content modification - with some fuzziness around whether that includes "metadata" - has also been suggested as another potential power to strip. I think that leaves intermediaries with the ability to see what is going on and prevent it if they choose. Is that enough? I've heard it said that it is not.
Received on Monday, 25 November 2013 22:14:01 UTC