- From: Peter Lepeska <bizzbyster@gmail.com>
- Date: Sun, 8 Dec 2013 18:06:54 -0500
- To: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
- Message-ID: <CANmPAYF5q6kmuCK5UpRy2PoJOfru08c36njUo+Eyt5JHebqD1A@mail.gmail.com>
Interested in feedback on the following proxy user stories to be added to the current list here: https://github.com/http2/http2-spec/wiki/Proxy-User-Stories. Adam's Strictly Confidential Traffic Adam is the enterprise webmail administrator for company A, which prioritizes corporate confidentiality and information assurance above all else. Adam therefore would like to prevent all proxies from decrypting corporate webmail traffic regardless of any side effects this might cause. Eve's Access Blocking Enterprise Proxy Eve, the administrator of a proxy deployed at the edge of company B's network, refuses to allow any traffic in or out of the network that cannot be inspected. At the same time, Eve would like to avoid the potential liability involved in viewing another firm's confidential traffic. If a user on company B's network also has a webmail account from a company that has a strict confidentiality policy similar to company A's, Eve would prefer to prevent access to that webmail server from within company B than to decrypt that traffic. Darlene's Content Server Respecting Proxy Darlene, the executive at the mobile provider mentioned in the above link, would like to optimize mobile user traffic which requires decryption but would also like to avoid the potential liability of decrypting traffic to/from content owners with strict confidentiality policy similar to company A's. Darlene would like to decrypt only that traffic for which the content owners have not explicitly denied consent to decrypt. Thanks, Peter
Received on Sunday, 8 December 2013 23:07:21 UTC