W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: What will incentivize deployment of explicit proxies?

From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Date: Tue, 10 Dec 2013 02:02:11 +0000
Message-ID: <52A67623.6020703@cs.tcd.ie>
To: "William Chan (陈智昌)" <willchan@chromium.org>
CC: Mark Nottingham <mnot@mnot.net>, Adrien de Croy <adrien@qbik.com>, Roberto Peon <grmocg@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>


On 12/10/2013 01:45 AM, William Chan (陈智昌) wrote:
> Just so we're clear, the common methods already in use impact all
> consumers of TLS, not just browsers. They're getting added to the
> system certificate store, so they affect all applications. But the
> primary reason that it gets installed in the system certificate store
> is because these proxies want to MITM browser connections.

Right. And if vendors, operators or users do that that's their
responsibility. But if we do/endorse that, then we (the IETF)
have to bear some responsibility for other uses of TLS or we're
not doing our job. At least to the level of knowing what might
be broken, but even that's a huge job. So I really think the
HTTP proxy issue is best addressed via HTTP mechanisms to be
honest.

S.
Received on Tuesday, 10 December 2013 02:02:46 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:20 UTC