W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: Yet another trusted proxy suggestion

From: Paul Hoffman <paul.hoffman@gmail.com>
Date: Sat, 30 Nov 2013 07:54:22 -0800
Message-ID: <CAPik8ybnZfxNAuHTmDFMwzco_Eo-+ExyJ2cEwO0ef8ytU+vt4Q@mail.gmail.com>
To: Nicolas Mailhot <nicolas.mailhot@laposte.net>
Cc: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Yoav Nir <synp71@live.com>, HTTP Group <ietf-http-wg@w3.org>
On Fri, Nov 29, 2013 at 1:45 AM, Nicolas Mailhot <
nicolas.mailhot@laposte.net> wrote:

>
> So unless a bank representative states the contrary, all my technical
> experience screams its a non-problem.
>

+1. Stephen's response (that a bank can't currently know if there is a TLS
proxy in HTTP/1.1) ignores what Yoav said, which is that such a bank could
detect that by forcing client auth. Of course they won't do that, but they
of course also won't have to because then they would be forced to not have
internet banking.

Stephen: if you have a real regulation and legal interpretation that we can
look at, we can look at that. "What if someone interprets a law in the way
I want them to because I don't like TLS proxies..." is not a useful
measure.
Received on Saturday, 30 November 2013 15:54:48 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:20 UTC