W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: What will incentivize deployment of explicit proxies?

From: Yoav Nir <synp71@live.com>
Date: Sat, 7 Dec 2013 00:42:56 +0200
Message-ID: <BLU0-SMTP2216EA7662DA1607C5A756B1D60@phx.gbl>
To: "William Chan (陈智昌)" <willchan@chromium.org>, Martin Thomson <martin.thomson@gmail.com>
CC: Werner Baumann <werner.baumann@onlinehome.de>, HTTP Working Group <ietf-http-wg@w3.org>
"Don't let anybody kid you. It's all personal, every bit of business."

In this case, I disagree with Martin. This is not a problem that we can 
avoid externalizing. Deciding whether a particular proxy is acceptable 
to the user of a browser requires information that we don't have. We 
don't have it at the IETF, and we don't have it where browsers are 
developed.

A browser can learn of the existence of a TLS proxy. This information 
may come from an HTTP code, a TLS alert, DHCP, DNS, or whatever other 
discovery mechanism we can think of. Whether this proxy is acceptable 
depends on so many factors:

  * Who deployed this proxy? (can probably be deduced from name in its
    certificate, but only sort-of) Maybe your workplace is acceptable,
    but the ISP or some other workplace is not.
  * What is it doing with the cleartext traffic?  Caching? Filtering?
    Recording? Looking for terrorism/criminal activity? Assuring a
    non-hostile workplace?  There are no technical ways to know these
    things. You'll have to learn them by social means - ask the IT
    person, ask your boss, require by law all installed proxies to
    disclose what they are doing. None of this can be done by Will or
    his security team.
  * Does the product used for the proxy have a recording function that
    can be used in case of a legal mandate?  If so, what procedural
    mechanism protects the users from someone at IT using it to spy on them?
  * Does the product used for the proxy have a backdoor for
    interception?  Will and his security team don't know. The boss and
    the IT person may not know that either.

It's a complex decision affected by many objective factors and some 
subjective attributes of the user. This is not a decision we can make on 
behalf of the user. This is very different from reporting on a bad 
certificate.

Hopefully, this will be a rare decision that users don't have to face 
every day.

Yoav


On 7/12/13 12:12 AM, William Chan (陈智昌) wrote:
> Hey hey, there's no reason to make this personal :) I never said I
> have no responsibility here. I just tried to make a funny quip that
> the...more passionate factions of the larger Chromium project will be
> very...passionate in their response to certain ideas. Is there a
> reason you wish to make this about me all of a sudden?
>
> Let me be clear, I in general think it's terrible to burden the user
> with decisions which they are largely unable to reason about. And I
> think it's wrong to expect them to have the knowledge to reason about
> it. And I disagree with the argument that browser vendors must provide
> all possible configuration options so users can do whatever they want.
>
> On Fri, Dec 6, 2013 at 1:27 PM, Martin Thomson <martin.thomson@gmail.com> wrote:
>> On 6 December 2013 12:26, Werner Baumann <werner.baumann@onlinehome.de> wrote:
>>> [...] the dogma that users are stupid.
>> Not stupid, never stupid.  It's respect.
>>
>> UI surface area imposes costs upon users.  We cannot - should not -
>> externalize our problems by shunting them on users.
>>
>> This isn't purely a security problem either; there are security
>> aspects to this, but they aren't the only concerns.  I expect better
>> of Will than to try to shift focus onto some faceless "security team",
>> he owns some responsibility here too.
>>




Received on Friday, 6 December 2013 22:43:21 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:20 UTC