Re: Trusting proxies (was Re: I revised the pro/contra document) from Adrien de Croy on 2013-11-26 (ietf-http-wg@w3.org from October to December 2013)

From: Adrien de Croy <adrien@qbik.com>
Date: Tue, 26 Nov 2013 01:12:27 +0000
To: "Martin Thomson" <martin.thomson@gmail.com>, "Roberto Peon" <grmocg@gmail.com>
Cc: "James M Snell" <jasnell@gmail.com>, "HTTP Working Group" <ietf-http-wg@w3.org>
Message-Id: <emf057118b-1658-4537-ad8f-fc7e40656754@bodybag>

from our POV, we have many customers (e.g. companies) who do not wish to 
give the user (e.g. employee) too much power.

the user always has choice whether to click a link or not, to go to the 
private site or not from company equipment using company resources.

Often, the company running the intermediary for employee use insists on 
the ability to scan content.  So it's not just up to the endpoints - 
they can't force an intermediary to grant any particular type or level 
of access.

In these cases, I think the best that can be done is that the user knows 
what is happening and can make an informed choice.  The server may also 
need to be able to make an informed choice as well.  But the choice 
comes down to proceeding or not.

Adrien

------ Original Message ------
From: "Martin Thomson" <martin.thomson@gmail.com>
To: "Roberto Peon" <grmocg@gmail.com>
Cc: "James M Snell" <jasnell@gmail.com>; "HTTP Working Group" 
<ietf-http-wg@w3.org>
Sent: 26/11/2013 2:04:16 p.m.
Subject: Re: Trusting proxies (was Re: I revised the pro/contra 
document)
>On 25 November 2013 16:55, Roberto Peon <grmocg@gmail.com> wrote:
>>  Here is the GOALS section from:
>>  http://tools.ietf.org/html/draft-vidya-httpbis-explicit-proxy-ps-00.
>>  I do think breaking down the conversation in this way is interesting.
>
>I just wanted to highlight the one piece: who gets to negotiate this
>end-state, whatever that end state is. (That's why the paste-dump is
>somewhat distracting; there's a lot there that isn't particularly
>well-motivated yet in my opinion and a lot that is not relevant to the
>immediate discussion.)
>
>I think that your first three points or so mean that you think that
>there are three parties involved in this negotiation: user,
>intermediary and server. You use the word "user" instead of client,
>which is telling, and probably a conscious choice.
>
>I want to work out whether this is in fact true, in the sense that the
>user is making an informed, empowered choice. I haven't been given
>information so far that would allow me to say that this is a) an
>agreed requirement (in the consensus sense), and b) possible.
>

Received on Tuesday, 26 November 2013 01:13:03 UTC