W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: What will incentivize deployment of explicit proxies?

From: Martin Thomson <martin.thomson@gmail.com>
Date: Tue, 3 Dec 2013 15:07:05 -0800
Message-ID: <CABkgnnWO8GgHUmmJ1OZSpH4hPbU6ZvRB58CWMxj+vP7wZrQPAw@mail.gmail.com>
To: Yoav Nir <synp71@live.com>
Cc: James M Snell <jasnell@gmail.com>, Tim Bray <tbray@textuality.com>, ChanWilliam(ι™ˆζ™Ίζ˜Œ) <willchan@chromium.org>, Roberto Peon <grmocg@gmail.com>, Nicolas Mailhot <nicolas.mailhot@laposte.net>, HTTP Working Group <ietf-http-wg@w3.org>
On 3 December 2013 14:37, Yoav Nir <synp71@live.com> wrote:
> It might be prudent to sacrifice expediency and block all access through
> unrecognized proxies. Adding an explicit proxy would then have to be done
> through a different UI, not a prompt that surprises a user who is trying to
> do something.

That's exactly what we've decided to do for screen sharing in WebRTC.
It's got a similar sort of security profile: deceptively simple, but
in practice there are subtleties users cannot be expected to evaluate.
 In that context, Chrome - the only browser thus far to even have
screen sharing support - have decided to move access to this into
their extension framework.

In order to enable screen sharing in Chrome, sites will need to use an
extension that enables screen sharing for their site.  That hasn't
been a universally popular decision, but I believe it to be a
reasonable one given the nature of the problem.  It takes the decision
off the critical path; it allows for revocation of rights when there
are bad actors; etc...

I'm not suggesting that this is the right decision here, but some
greater awareness of the sorts of things people are doing when
presented with similarly tough decisions can't hurt.
Received on Tuesday, 3 December 2013 23:07:33 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:20 UTC