W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: Yet another trusted proxy suggestion

From: Roland Zink <roland@zinks.de>
Date: Tue, 26 Nov 2013 13:34:17 +0100
Message-ID: <52949549.2050806@zinks.de>
To: ietf-http-wg@w3.org
Step #3
> =======
> The browser sends a CONNECT command to the proxy (maybe that has to be 
> enhanced as well?) to connect to https://download.adobe.com. The proxy 
> tries to connect, and then either of two things happens:
>  1. a1953.d.cdn.net has a certificate for download.adobe.com - that is 
> what we do today.
>  2. a1953.d.cdn.net has a certificate for a1953.d.cdn.net, and issues 
> a "mandatory proxy" alert with its name.
> In the former case, things will work as today. In the latter case, I'm 
> not sure how the proxy (or browser for that matter) can know that 
> a1953.d.cdn.net is a trusted proxy for download.adobe.com. Having the 
> private key is a good indication, but I think we want to get away from 
> that.
> Either way, the connection is established
>
Is the Connect like in HTTP/1.1 the CONNECT method opening a TLS 
connection from the client to the CDN (TCP from proxy to CDN)? Or is 
this only opening a TLS connection from the proxy to the CDN? I'm 
assuming it is the latter.
Received on Tuesday, 26 November 2013 12:34:43 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:19 UTC