W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: Yet another trusted proxy suggestion

From: Yoav Nir <synp71@live.com>
Date: Tue, 26 Nov 2013 23:40:36 +0200
Message-ID: <BLU0-SMTP21165B105D4DF91EFD790B1B1EC0@phx.gbl>
To: Martin Thomson <martin.thomson@gmail.com>, Adrien de Croy <adrien@qbik.com>
CC: HTTP Group <ietf-http-wg@w3.org>
On 26/11/13 11:10 PM, Martin Thomson wrote:
> On 26 November 2013 12:11, Adrien de Croy <adrien@qbik.com> wrote:
>> Chrome has the "incognito" frame.  You could use a different browser frame.
> So rather than the masked man (or the fancy masquerade sham in
> Firefox), you would have what, this:
> http://ts2.mm.bing.net/th?id=H.4858996483622041&pid=1.7?
>
Or this:
http://cyclestuff.files.wordpress.com/2012/11/eye-of-sauron.jpg
Or maybe this:
http://www.calwatchdog.com/wp-content/uploads/2011/07/big-brother-is-watching-you4.jpg

But it is worth considering what a UI tells the user. Certificate errors 
were notoriously ineffective, and part of this is because the message 
had to be ambiguous, like "this site is not certified by a trusted root. 
So, 9 times out of 10 this is just a harmless misconfiguration, or 
they're too cheap to buy a real certificate, but every once in a while 
it's really an attack."

For this we have the luxury of being able to be unambiguous: "The 
network has an HTTPS monitor called sslproxy.example.com that will 
decrypt all HTTPS traffic. Any passwords, credit card numbers and 
personal information will be visible to this proxy. Click <a 
href="https://sslproxy.example.com/.well-known/proxy-terms-of-use.html>here</a> 
to learn more about this proxy.".  It's tempting to add a "Trust this 
proxy" button there, or Firefox's "I understand the risks" (no, you 
don't). But I guess training users to click this button is bad practice. 
Better to give them instructions about how to configure their particular 
browser to trust this proxy through menus or about:config.

But regardless, a visual indication of the existence of the proxy is a 
benefit that we're missing with the MitM we have today. We could have 
warnings before typing in password fields or fields marked as credit 
card number.





Received on Tuesday, 26 November 2013 21:41:08 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:20 UTC