W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: What will incentivize deployment of explicit proxies?

From: Adrien de Croy <adrien@qbik.com>
Date: Tue, 03 Dec 2013 20:23:05 +0000
To: "Nicolas Mailhot" <nicolas.mailhot@laposte.net>, "Patrick McManus" <pmcmanus@mozilla.com>
Cc: William Chan (ι™ˆζ™Ίζ˜Œ) <willchan@chromium.org>, "Yoav Nir" <synp71@live.com>, "Roberto Peon" <grmocg@gmail.com>, "HTTP Working Group" <ietf-http-wg@w3.org>
Message-Id: <em55385a46-a357-4202-b938-0961f1ca2451@bodybag>


------ Original Message ------
From: "Nicolas Mailhot" <nicolas.mailhot@laposte.net>

>Unlike Willy I do think all is not lost (yet) and operators will accept 
>to
>not terminate ssl systematically if the protocol is not an 
>all-or-nothing
>choice. For example I'm pretty sure most corporations would accept to 
>only
>scan mime types likely to carry malware (js, executables, 
>zip/isos/office
>documents) and pass the rest in opaque messages as long as major 
>browsers
>and web sites didn't lie about this (and users deploying other web 
>clients
>that lied in their user agent would face administrative sanctions). For
>non-dangerous mime types "inspection" only cares about checking if the
>full url does not belong to a porn/spam/crook/gaming web site, not the
>message content.

actually there are products out there that inspect HTML to attempt to 
classify content using various heuristics.

>
>It's all a balancing act.
>
>Regards,
>
>BTW: great news about the Firefox patchset
>
>--
>Nicolas Mailhot
>
>
Received on Tuesday, 3 December 2013 20:23:27 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:20 UTC