Re: What will incentivize deployment of explicit proxies?

From: Albert Lunde <atlunde@panix.com>
Date: Sat, 07 Dec 2013 08:25:47 -0600
Message-ID: <52A32FEB.10706@panix.com>
To: HTTP Working Group <ietf-http-wg@w3.org>

Is there any useful role for having a physical file format and file
extension that says "here is a proxy's address and TLS certificate", 
such that if one imported it into a browser it would be trusted?

I can see how this could be a security risk via spoofing, but it might 
cut out some of the protocol/user interface dance in getting a trusted 
proxy established, by providing an out-of-band way to communicate the 
trust requirements in a given setting.

Signing the file as a whole seems like a good idea, but I'd rather have
plain text and one or more base-64 blobs than a pure binary format that
would be easier to use to hide an executable.

I am assuming typical users would double click on the file to process 
it, even though that is frequently a bad idea.

Received on Saturday, 7 December 2013 14:26:03 UTC