W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: What will incentivize deployment of explicit proxies?

From: Yoav Nir <synp71@live.com>
Date: Tue, 3 Dec 2013 11:49:05 +0200
Message-ID: <BLU0-SMTP442992AB442BF2A31DE06C9B1D50@phx.gbl>
To: Roberto Peon <grmocg@gmail.com>, "William Chan (ι™ˆζ™Ίζ˜Œ)" <willchan@chromium.org>
CC: HTTP Working Group <ietf-http-wg@w3.org>
On 3/12/13 10:28 AM, Roberto Peon wrote:
>
>         For enterprises, the new trend is apparently to allow users to
>         use their personal devices. These devices would be outside the
>         normal administrative chain and would likely cause headaches.
>
>
>     I agree using personal devices would likely cause headaches. But
>     you're not saying explicit proxies solves this somehow, do you? If
>     so, I missed it.
>
>
> Enterprises like these have three choices:
> 1) Disallow access to such devices
> 2) Force users to install root certs
> 3) Force users to configure a proxy explicitly.
> Arguably #3 is the best, from both the enterprise, site and user 
> perspective as setting up an explicit proxy should be easier than 
> installing a root cert for both enterprise and user, and the site now 
> gets signaled about the presence of a proxy.
>
As you said, BYOD is the new trend (this email written on my Mac rather 
than a company laptop), so #1 is out. #2 is what we have now, and this 
applies not only to people who bring their own device, but also to 
people who use Firefox (a non-negligible group). They handle it by 
either searching for "install CA certificate on xxx" in a search engine 
and pasting the result on an intranet page, or by sending the users to 
do the search themselves.

#3 is preferable for administrators, sites and users by making the UX 
for it the browser vendor's problem. Because "get the CA certificate 
from this wiki page, send it to an email account that you can access 
with your phone, double-tap the attachment on the phone, etc." - all 
this is a form of user experience, just not a good one.

So if deploying an explicit proxy can get the BYOD people off of IT's 
back, it's a win for them.

Yoav



Received on Tuesday, 3 December 2013 09:49:37 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:20 UTC