
Re: Trusting proxies (was Re: I revised the pro/contra document)

From: Nicolas Mailhot <nicolas.mailhot@laposte.net>
Date: Tue, 26 Nov 2013 11:19:53 +0100
Message-ID: <2f7cc3a3149a4fe69c31dcefc09b3449.squirrel@arekh.dyndns.org>
To: "Amos Jeffries" <squid3@treenet.co.nz>
Cc: ietf-http-wg@w3.org

Le Mar 26 novembre 2013 07:05, Amos Jeffries a écrit :
> On 26/11/2013 1:55 p.m., Roberto Peon wrote:
>> Here is the GOALS section from:
>> http://tools.ietf.org/html/draft-vidya-httpbis-explicit-proxy-ps-00.
>> I do think breaking down the conversation in this way is interesting.
>>
>> 6.2
>> <http://tools.ietf.org/html/draft-vidya-httpbis-explicit-proxy-ps-00#section-6.2>.
>>  Goals
>>
>>    These are the goals of a solution aimed at making proxying explicit
>>    in HTTP.
>>
>>    o  In the presence of a proxy, users' communications SHOULD at least
>>       use a channel that is point-to-point encrypted.
>>
>>    o  Users MUST be able to opt-out of communicating sensitive
>>       information over a channel which is not end-to-end private.
>>
>
> I think this is partially wrong.
>
> It would be far better to give the client some guarantee of end-to-end
> confidentiality and/or non-transformation before it opts-in to sending
> private details.
> Signing or encrypting the particular details using a shared secret
> arranged via mandatory out-of-band means with the origin server would be
> acceptable.

IMHO any way you look at it, trust in a hop-by-hop world requires defining
what parts of the message constitute the payload and should never be
modified, and then adding a sender signature to it (if the payload is not
already 100% encrypted).

I don't think anyone cares which of the intermediaries modified the
payload if the signature does not match

-- 
Nicolas Mailhot
Received on Tuesday, 26 November 2013 10:20:28 UTC
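The scheme Nicolas sketches above, as an added illustration that is not part of the thread or of the explicit-proxy draft: the sender declares which components of the request form the immutable payload (request line, a fixed set of headers, a digest of the body), signs exactly those, and a verifier at the origin rejects the message if any of them changed in transit. Hop-by-hop headers such as Via are left out of the covered set, so a forwarding proxy can add them without breaking verification. The `Signature` header name, the `hmac-sha256=` prefix, the covered-header list and the shared secret are all constructed for this demo; it uses an HMAC over a pre-shared secret (the out-of-band arrangement Amos mentions) rather than a public-key signature, which would be the other way to realise a "sender signature".

```python
import hashlib
import hmac

# Constructed demo secret. As Amos notes, it would be arranged out of band
# between client and origin server; a proxy never sees it.
SHARED_SECRET = b"constructed-demo-secret-do-not-reuse"

# Headers the sender declares part of the immutable payload (assumed set).
# Hop-by-hop headers (Via, Connection, Proxy-*) are deliberately not listed,
# so a proxy may add or rewrite them without invalidating the signature.
COVERED_HEADERS = ("host", "content-type")


def _lower(headers):
    """Case-insensitive view of a header dict."""
    return {k.lower(): v.strip() for k, v in headers.items()}


def canonical_string(method, path, headers, body):
    """Serialize exactly the components the signature covers, in a fixed order."""
    h = _lower(headers)
    lines = [f"{method.upper()} {path}"]
    for name in COVERED_HEADERS:
        lines.append(f"{name}: {h.get(name, '')}")
    # Covering a digest of the body rather than the body itself keeps the
    # canonical string short and detects any byte changed by an intermediary.
    lines.append("body-sha256: " + hashlib.sha256(body).hexdigest())
    return "\n".join(lines).encode("utf-8")


def sign(msg, secret=SHARED_SECRET):
    """Return a copy of the request with a (hypothetical) Signature header added."""
    data = canonical_string(msg["method"], msg["path"], msg["headers"], msg["body"])
    tag = hmac.new(secret, data, hashlib.sha256).hexdigest()
    headers = dict(msg["headers"])
    headers["Signature"] = "hmac-sha256=" + tag
    return {**msg, "headers": headers}


def verify(msg, secret=SHARED_SECRET):
    """True iff every covered component is unchanged since the sender signed it."""
    sig = _lower(msg["headers"]).get("signature", "")
    if not sig.startswith("hmac-sha256="):
        return False
    data = canonical_string(msg["method"], msg["path"], msg["headers"], msg["body"])
    expected = hmac.new(secret, data, hashlib.sha256).hexdigest()
    # Constant-time comparison so the tag cannot be guessed byte by byte via timing.
    return hmac.compare_digest(sig[len("hmac-sha256="):], expected)


# Three constructed intermediaries standing in for proxies on the path.
def proxy_add_via(msg):
    """Benign forwarding proxy: adds a hop-by-hop Via header, payload untouched."""
    headers = dict(msg["headers"])
    headers["Via"] = "1.1 proxy.example"
    return {**msg, "headers": headers}


def proxy_rewrite_body(msg):
    """Transforming proxy: alters the body."""
    return {**msg, "body": msg["body"] + b"<!-- inserted by proxy -->"}


def proxy_rewrite_host(msg):
    """Transforming proxy: rewrites a covered header."""
    headers = dict(msg["headers"])
    headers["Host"] = "other.example"
    return {**msg, "headers": headers}


def demo():
    """Sign one constructed request and check it after each kind of intermediary."""
    request = {
        "method": "POST",
        "path": "/account/update",
        "headers": {"Host": "origin.example", "Content-Type": "application/json"},
        "body": b'{"email": "user@example.net"}',
    }
    signed = sign(request)
    return {
        "untouched": verify(signed),
        "via_added": verify(proxy_add_via(signed)),
        "body_rewritten": verify(proxy_rewrite_body(signed)),
        "host_rewritten": verify(proxy_rewrite_host(signed)),
    }


if __name__ == "__main__":
    print(demo())
```

Running the script shows the point of the thread: verification passes when a proxy only adds Via, and fails when the body or a covered header was rewritten, without the verifier needing to know which hop made the change. The covered set is the contract: anything a proxy is allowed to touch stays outside it, and anything outside it is by definition not protected.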
