- From: Peter Lepeska <bizzbyster@gmail.com>
- Date: Tue, 3 Dec 2013 20:57:14 -0500
- To: William Chan (陈智昌) <willchan@chromium.org>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>
- Message-ID: <CANmPAYEy=VF_RX-7vq6ePUBKg64WW29+RHp5jOgwX5chA-qeJA@mail.gmail.com>
I like the way you've laid this out from the perspective of incentives to
adopt.
"Now, as far case (2), if the proxy operators can already deploy their MITM
certs on client devices, then they already own those devices. This sounds
like enterprise computing devices or schools or prisons or what not. Now,
if they already own the devices on this network, what incentive do they
have to adopt explicit proxies? It sounds like they would just lose power.
Is there a carrot here? SSL MITM proxies are already transparent to the
client and origin server, so I don't see what leverage either entity has
here."
I wonder if MITM proxy operators have any legal concerns about viewing
content owners' traffic without their consent or even an indication that
the MITM is active. The proxy operators "own" their users' devices
presumably but not content owners' data. I think an ideal explicit proxy
would allow proxies to make their presence known to content owners.
Peter
On Tue, Dec 3, 2013 at 2:37 AM, William Chan (陈智昌) <willchan@chromium.org>wrote:
> Pardon me if this is obvious, but it's not immediately obvious to me what
> will cause people to use explicit proxies instead of MITM proxies? Who is
> going to deploy them? The 2 cases I can think of are:
>
> (1) People who are using HTTP interception ("transparent") proxies
> (2) People who are already using SSL MITM proxies
>
> In case (1), it appears to me that proxy operators may want explicit
> proxies, because theoretically those interception proxies provide vital
> functionality that they don't want to lose if more things go over HTTPS.
> Because if not, their alternative is to use a SSL MITM proxy, which
> requires them to own the client devices so they can administratively
> install additional root certificates. This bears a high cost, both in
> perceived privacy impact and in requiring administrative maintenance. By
> this description, I suspect this group probably consists of network
> operators, like mobile network operators or ISPs or what not. I suspect
> it's very costly for them to have to administrate customer devices.
>
> But I don't see what an explicit proxy will help with here. Is the
> requirement that there be a way to automagically configure the explicit
> proxy *and* default to giving up one or more of the confidentiality,
> integrity, and authentication guarantees normally provided by TLS? I can't
> see a browser defaulting into letting automatically letting an explicit
> proxy MITM them. Will it just be opt-in (which, given how much browser
> vendors "love" presenting UI to end users, is also controversial...)? If
> so, is that good enough for whoever is deploying these proxies? I have to
> imagine that's very unsatisfactory for them. What's the vision here?
>
> Now, as far case (2), if the proxy operators can already deploy their MITM
> certs on client devices, then they already own those devices. This sounds
> like enterprise computing devices or schools or prisons or what not. Now,
> if they already own the devices on this network, what incentive do they
> have to adopt explicit proxies? It sounds like they would just lose power.
> Is there a carrot here? SSL MITM proxies are already transparent to the
> client and origin server, so I don't see what leverage either entity has
> here.
>
> Would love to hear peoples' thoughts here.
>
Received on Wednesday, 4 December 2013 01:57:42 UTC