W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: What will incentivize deployment of explicit proxies?

From: Nicolas Mailhot <nicolas.mailhot@laposte.net>
Date: Wed, 4 Dec 2013 10:16:42 +0100
Message-ID: <5b2be8d9368c097d4a9ecb8f785c2410.squirrel@arekh.dyndns.org>
To: "Albert Lunde" <atlunde@panix.com>
Cc: "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>

Le Mer 4 décembre 2013 02:18, Albert Lunde a écrit :

> Saying, "I'll trust proxies with certificates signed by a list of CAs"
> "reduces" it to the certificate trust problem, which is nearly where we
> stated, though trusting proxies signed by a short list of CAs might be
> more manageable.

In the end the user needs to be notified when a particular proxy he
accepted is in use or not (with kill connexion option if he wants to
stop). Because only this user will know if his current browsing is
sensitive or not, or if the proxy is expected or not.

When I'm at home vpn connected to work I accept the terms of my workplace
proxy. When I'm at home doing personal stuff I don't want my employer to
intrude, so I want to be shown I forgot to close the vpn and I'm still
being proxified. (or to take another example if I accepted a hotel proxy
and it pops up in another physical place something fishy is going on and I
don't need to be an IT expert to realise it). I may visit another work
premise that uses a different address plan and seeing the usual work proxy
popup will be ok. Seeing the same pop up in another company indicates
someone is trying to steal trade secrets. School proxy at school is ok.
school proxy at home means an enterprising student stole the headmaster's
post-it admin password, got the gateway certificates and wants to spy on
his schoolmates.

You can't get the user out of the decision loop. You can avoid bothering
him needlessly with new prompts once the initial yes/no choice has been
done, but even afterwards gateway xxx is in use needs to be displayed
somewhere in the web client chrome

Regards,

-- 
Nicolas Mailhot
Received on Wednesday, 4 December 2013 09:17:13 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:20 UTC