
Re: What will incentivize deployment of explicit proxies?

From: Tim Bray <tbray@textuality.com>
Date: Tue, 3 Dec 2013 13:55:18 -0800
Message-ID: <CAHBU6itjD3Gk7k4Srv+RbK0w2W5rbPX0HQeoPpzgJx0X8ibkJg@mail.gmail.com>
To: William Chan (陈智昌) <willchan@chromium.org>
Cc: Yoav Nir <synp71@live.com>, Nicolas Mailhot <nicolas.mailhot@laposte.net>, Roberto Peon <grmocg@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>
William is wrong: He will *definitely* be punished severely if he proposes
putting security choices in the faces of ordinary humans; no “probably
expect” about it...


On Tue, Dec 3, 2013 at 10:53 AM, William Chan (陈智昌)
<willchan@chromium.org> wrote:

> On Tue, Dec 3, 2013 at 5:36 AM, Yoav Nir <synp71@live.com> wrote:
>
>> I like this discovery process. It's all in HTTP. The only downside is
>> that it requires plaintext HTTP to work. I'm assuming that
>> http://awebsite.com should not be the real site that the user is trying
>> to view, but some specific site that the browser vendor keeps available
>> just for testing for proxies with HTTP. You can't use the site that the
>> user used, because that might be HTTPS.
>>
>> You will get pushback on #5, though.
>>
>>
>> On 3/12/13 3:16 PM, Nicolas Mailhot wrote:
>>
>>> On Tue, 3 December 2013 12:24, Yoav Nir wrote:
>>>
>>>
>>> 5. Prompt the user:
>>>
>>> Accept using gateway-name to access http://awebsite.com/ and other web
>>> sites in ingoing-http2-mode ?
>>>
>>> [check reformatted access rules] [see help page] [see certificate]
>>>
>>>    [ ] Prompt for other web sites and security modes
>>>    ( ) only for this session ( ) all the time
>>>    (*) only from here        ( ) everywhere
>>>                                           [Yes] [No]
>>>
>>>
>> My mother would call me if she got that. My daughter would quickly
>> learn that clicking "Yes" after unchecking the "Prompt" box and selecting
>> "everywhere" makes the prompt go away and not come back. IOW it would make
>> the Internet work.
>>
>
> <pushback>
> I can probably expect to be tarred and feathered by my security team if I
> tell them we need to put up a UI asking the end user to make a decision
> about security :)
> </pushback>
>
>
>> Yoav
>>
>> (or my mother could call my daughter and get her advice...)
>>
>>
>>
>>
>
Received on Tuesday, 3 December 2013 21:55:45 UTC
