- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Sun, 15 Jun 2014 11:25:19 -0700
- To: Peter Lepeska <bizzbyster@gmail.com>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>
Received on Sunday, 15 June 2014 18:25:47 UTC
On 14 June 2014 17:02, <bizzbyster@gmail.com> wrote: > I agree. Here's a straw man to get the discussion going: > http://caffeinatetheweb.com/presentations/trusted_proxy.html. I have a lot of questions, but I'll start with this one: is the decision to accept the proxy a blocking one? That is, is the user able to use the Web prior to making this decision? That makes a very big difference. I also have a few things that you might like to think about: https://bankofamerica.com/ might be a bad choice of example, though I'm guessing that you chose a banking site intentionally. Personally, I find the idea that there is a MitM on a connection to my bank to be almost as disturbing as having my visit to a doctor monitored. This sort of work might not be in scope here. I understand that we need to have this discussion somewhere, but the IETF (and even the W3C) have so far avoided dealing with these sorts of issues. That's probably not the right answer, but I keep hearing that this is outside their area of expertise.
Received on Sunday, 15 June 2014 18:25:47 UTC