- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Mon, 23 Jun 2014 16:17:23 -0700
- To: Peter Lepeska <bizzbyster@gmail.com>
- Cc: "Diego R. Lopez" <diego@tid.es>, Eric Rescorla <ekr@rtfm.com>, Martin Nilsson <nilsson@opera.com>, HTTP Working Group <ietf-http-wg@w3.org>
On 23 June 2014 14:17, <bizzbyster@gmail.com> wrote: > > But if a split UA proxy were to decrypt my TLS traffic on the server side, > I'd want to know about it and be able to say no. This is simply a technical limitation of this particular deployment choice. You can't see the actual connection that your UA makes because it makes it somewhere remote. It also means that the security UI it shows needs to account for that remoteness somehow. I'd also want to ensure that these mechanisms are resilient against server compromise, but that's tricky and probably not going to happen.
Received on Monday, 23 June 2014 23:17:50 UTC