Re: What will incentivize deployment of explicit proxies? from Nicolas Mailhot on 2013-12-12 (ietf-http-wg@w3.org from October to December 2013)

From: Nicolas Mailhot <nicolas.mailhot@laposte.net>
Date: Thu, 12 Dec 2013 10:34:06 +0100
To: "Ted Hardie" <ted.ietf@gmail.com>
Cc: "Nicolas Mailhot" <nicolas.mailhot@laposte.net>, "Mark Nottingham" <mnot@mnot.net>, "Stephen Farrell" <stephen.farrell@cs.tcd.ie>, "Adrien de Croy" <adrien@qbik.com>, "Roberto Peon" <grmocg@gmail.com>, "HTTP Working Group" <ietf-http-wg@w3.org>
Message-ID: <9ab039b3b7345c8b55d3a8df7c8ac606.squirrel@arekh.dyndns.org>

Le Jeu 12 décembre 2013 02:22, Ted Hardie a écrit :
> On Wed, Dec 11, 2013 at 4:50 AM, Nicolas Mailhot <
> nicolas.mailhot@laposte.net> wrote:
>
>>
>> Le Mar 10 décembre 2013 03:12, Mark Nottingham a écrit :
>>
>> > What I don't want to do is spend months-to-years developing a new kind
>> of
>> > explicit proxy in HTTP in the *hope* that it'll somehow magically
>> supplant
>> > these devices, without some sort of evidence that it has a chance of
>> doing
>> > so.
>>
>> The trust level of the endpoint site is not the same as the trust level
>> of
>> the gateway. It may surprise you but in some case the trust level of the
>> gateway is way higher than a random web site on the other side of the
>> world, so not being able to distinguish in the web client between the
>> signals of the web site and of the gateway is a big security problem.
>>
>> --
>>
> So, I think this is the point at which someone traditionally says "the
> term
> 'trust' is overloaded here", and it seems to fall to me this time.  An end
> user or IT staff member may have greater confidence that a specific type
> of
> proxy is not delivering malware than it has in a random web site, since
> the
> proxy may be developed to remove malware.  For that value of "trust", your
> statement makes sense.
>
> The end user/IT staff member cannot have great confidence that the proxy
> is
> delivering the content intended by the random web site.  It can at most
> match the same confidence.
>
> So let's be a little careful with terms like "trust level", please.

The proxy auth may be shared with other internal systems. On any big
organisation it will be (see SSO)

Browsers not making the distinction between proxy and web site messages
mean any random web site can spoof the proxy auth and steal credentials.

Such credential stealing was used to infiltrate French presidency last
year IIRC.

So yes, let's be a little careful with terms like "trust level" and stop
assuming any random blog trumps everything else.


-- 
Nicolas Mailhot

Received on Thursday, 12 December 2013 09:34:44 UTC