Re: Trusting proxies (was Re: I revised the pro/contra document)

On Mon, Nov 25, 2013 at 4:10 PM, Martin Thomson
<martin.thomson@gmail.com> wrote:
> On 25 November 2013 15:53, David Morris <dwm@xpasc.com> wrote:
>> Powers need to be negotiated and not an absolute feature of the protocol.
>
> That's a nice blanket statement.  Let's assume that this is true for
> all combinations of powers (a point that seems suspect); who are the
> parties at the negotiation table?
>

Great question that does not have a great answer. Part of the problem
with this conversation is that we don't really have a great vocabulary
developed yet to really discuss it. We just keep saying "trusted
proxy" and "untrusted proxy" without really breaking down what those
really are. We need to if we're going to make any progress in this
discussion. Also, without any clear shared notion about what kind of
good behaviors a "trusted" intermediary ought to implement, it's going
to be very difficult to really nail this down.

So let's take a first stab at this:

1. A Trusted Intermediary exists in the path for the benefit of either
the requesting agent, responding origin, or both.
2. A Trusted Intermediary ALWAYS makes its presence on the path known
to both the requesting agent and the origin.
3. A Trusted Intermediary ALWAYS ensures that any modification it
makes to either the request or response is detectable by the
receiving peer.
4. A Trusted Intermediary NEVER utilizes request or response data in a
manner not authorized by the requesting agent or responding origin.
5. A Trusted Intermediary that exists for the benefit of the
requesting agent ALWAYS provides proof to the responding origin that
it has been authorized and trusted by the requesting agent.
6. A Trusted Intermediary that exists for the benefit of the
responding agent ALWAYS provides proof to the requesting agent that it
has been authorized and trusted by the responding origin.
7. A Trusted Intermediary NEVER attempts to subvert or compromise the
integrity of communication between the requesting agent and responding
origin.
8. A Trusted Intermediary ALWAYS limits its actions to those
explicitly granted to it by the requesting agent or responding origin
or both.
9. A Trusted Intermediary ALWAYS asks for permission before it
performs any action (see #2).

I'm sure these could use some massaging and refinement, but what this
basically describes is a delegation model: A trusted intermediary is
one that has been delegated some form of verifiable permission to act
by either the origin or the agent. The key question, then, becomes how
exactly we reliably enable this kind of delegated authorization
model.

Is breaking the conversation down this way helpful?

- James

Received on Tuesday, 26 November 2013 00:44:40 UTC
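The following is an added illustration of the delegation model sketched in the list above; it is not code from the thread or from any HTTP working group draft. It models an origin checking principles 2, 3, 5 and 8 on an incoming request: a modified body is accepted only if the proxy announced itself, carried a grant the agent provably issued, named a granted action, and changed the body by exactly that action. Everything here is an assumption for the example: the session secret shared end-to-end by agent and origin (standing in for some key exchange the proxy is not party to), the header names other than `Via` (`Content-Digest`, `Digest-Auth`, `Delegation`, `Modified-By-Action` are constructed), and gzip as the only action the origin knows how to undo and therefore verify.

```python
import gzip
import hashlib
import hmac
import json

# Constructed for this example: a secret shared end-to-end between the
# requesting agent and the responding origin, assumed to come from a key
# exchange the intermediary cannot observe.
SESSION_SECRET = b"constructed-agent-origin-session-secret"


def _mac(key: bytes, *parts: bytes) -> str:
    """Length-prefixed HMAC-SHA256 over the given parts."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        h.update(len(part).to_bytes(4, "big"))
        h.update(part)
    return h.hexdigest()


def agent_delegate(proxy_id: str, actions: list, key: bytes = SESSION_SECRET) -> dict:
    """Principle 8: the agent grants the proxy an explicit list of actions.
    Principle 5: the proof lets the origin check that the grant came from the agent."""
    grant = {"proxy": proxy_id, "actions": sorted(actions)}
    grant_bytes = json.dumps(grant, sort_keys=True).encode()
    return {"grant": grant, "proof": _mac(key, b"delegate", grant_bytes)}


def agent_request(body: bytes) -> dict:
    """The agent binds a digest of the body it actually sent; the proxy cannot re-bind it."""
    digest = hashlib.sha256(body).hexdigest()
    return {
        "headers": {
            "Content-Digest": digest,
            "Digest-Auth": _mac(SESSION_SECRET, b"request", digest.encode()),
        },
        "body": body,
    }


def proxy_forward(msg: dict, token: dict, action: str, transform, declare: bool = True) -> dict:
    """Principles 2 and 3: a well-behaved proxy announces itself (Via) and records which
    granted action changed the body. declare=False models a proxy that edits silently."""
    headers = dict(msg["headers"])
    if declare:
        headers["Via"] = token["grant"]["proxy"]
        headers["Delegation"] = json.dumps(token, sort_keys=True)
        headers["Modified-By-Action"] = action
    return {"headers": headers, "body": transform(msg["body"])}


# Actions the origin can undo, so a declared modification can be checked
# against the digest the agent committed to (constructed: only gzip here).
INVERSE_TRANSFORMS = {"gzip": gzip.decompress}


def origin_verify(msg: dict, key: bytes = SESSION_SECRET) -> tuple:
    """Returns (accepted, reason), applying the list's principles to one request."""
    h = msg["headers"]
    declared = h.get("Content-Digest", "")
    if not hmac.compare_digest(h.get("Digest-Auth", ""), _mac(key, b"request", declared.encode())):
        return False, "agent digest binding invalid"
    if hashlib.sha256(msg["body"]).hexdigest() == declared:
        return True, "unmodified"
    # The body differs from what the agent sent: acceptable only if declared (#2, #3) ...
    if "Via" not in h or "Delegation" not in h:
        return False, "undeclared modification"
    token = json.loads(h["Delegation"])
    grant_bytes = json.dumps(token["grant"], sort_keys=True).encode()
    # ... by a proxy the agent provably authorized (#5) ...
    if not hmac.compare_digest(token["proof"], _mac(key, b"delegate", grant_bytes)):
        return False, "delegation proof invalid"
    if token["grant"]["proxy"] != h["Via"]:
        return False, "Via does not match delegation"
    # ... for an action inside the grant (#8) ...
    action = h.get("Modified-By-Action")
    if action not in token["grant"]["actions"]:
        return False, "action not granted"
    # ... and the change must be exactly that action and nothing more (#7).
    undo = INVERSE_TRANSFORMS.get(action)
    if undo is None:
        return False, "origin cannot verify this action"
    try:
        restored = undo(msg["body"])
    except Exception:
        return False, "modified body does not undo cleanly"
    if hashlib.sha256(restored).hexdigest() != declared:
        return False, "modified body does not match agent's digest"
    return True, "modification by %s declared and authorized" % h["Via"]


def run_scenarios() -> dict:
    """Constructed scenarios: one well-behaved proxy and three misbehaving ones."""
    request = agent_request(b"GET /resource payload " * 20)
    token = agent_delegate("proxy.example", ["gzip"])
    forged = agent_delegate("proxy.example", ["gzip", "rewrite"], key=b"wrong-key")
    rewrite = lambda body: body.replace(b"payload", b"tampered")
    return {
        "honest_gzip": origin_verify(proxy_forward(request, token, "gzip", gzip.compress)),
        "ungranted_action": origin_verify(proxy_forward(request, token, "rewrite", rewrite)),
        "silent_edit": origin_verify(proxy_forward(request, token, "gzip", gzip.compress, declare=False)),
        "forged_grant": origin_verify(proxy_forward(request, forged, "rewrite", rewrite)),
    }


if __name__ == "__main__":
    for name, (ok, reason) in run_scenarios().items():
        print(f"{name:18s} accepted={ok} ({reason})")
```

The point the scenarios make is the one the list implies: the proxy never gets to vouch for itself. Its presence, its grant and the specific change it made are all checked by the receiving peer against something only the agent could have produced, so a silent edit, a forged grant and an action outside the grant each fail a different check, and the reason string says which principle was violated.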