W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: What will incentivize deployment of explicit proxies?

From: Yoav Nir <synp71@live.com>
Date: Tue, 3 Dec 2013 13:14:55 +0200
Message-ID: <BLU0-SMTP246525DD92BFD0DE6C1AE74B1D50@phx.gbl>
To: Nicolas Mailhot <nicolas.mailhot@laposte.net>, "William Chan (ι™ˆζ™Ίζ˜Œ)" <willchan@chromium.org>
CC: HTTP Working Group <ietf-http-wg@w3.org>
On 3/12/13 11:53 AM, Nicolas Mailhot wrote:
> If browser people do their part and implement the (admittedly non-trivial)
> UI to manage that, there will be a strong incentive to deploy because you
> can't imagine how sick operators are of all the ways browsers screw up
> http/1 by refusing to admit intermediaries exist.
The UI is extremely important here. If we create this protocol that 
allows both client and server to be aware of the proxy, and allows them 
to authenticate the proxy, a good UI (and I don't claim to know how this 
can be done) will let the user know that (a) her traffic is being 
decrypted on the way, and (b) by whom. If we can get to the position 
that she would accept this at her workplace, but would not accept this 
at, say, a coffee shop or airport, this will influence the decision made 
by websites a lot.

If customers can be trusted to not allow decrypting proxies everywhere, 
then banks will not prohibit online banking with proxies present. If the 
UI looks like this, they might:

  | A decrypting proxy called 'sslproxy.localhost' was detected.          |
  | |
  |  +----+ +---------------------------------------------------------+  |
  |  | OK |  | Nah, I'm so over this whole browsing the Internet thing |  |
  |  +----+ +---------------------------------------------------------+  |


Received on Tuesday, 3 December 2013 11:15:25 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:20 UTC