- From: Roland Zink <roland@zinks.de>
- Date: Tue, 04 Nov 2014 11:58:04 +0100
- To: ietf-http-wg@w3.org

On 03.11.2014 22:39, Mark Nottingham wrote:
> Hi Sanjay and Diego,
>
> To summarise where I think we’re at — the fundamental issues with discovery are:
>
> - Authentication / Authorisation — how does the browser know that the proxy is who they say they are (e.g., “from my network”) and that they’re allowed to act in this capacity?

The HTTP TLS model is to use the host name and give some "proof" that it is correct in the server certificate. Whether it is allowed to act as a proxy is probably a user decision, e.g. it will trust a big brand name or the name of the company.

> - User Experience — how does the user of the browser become aware of and give permission to (or opt out of) the proxy, considering that UX around security and configuration is so tricky?

It is probably even more complex as it may also involve the OS, which can maintain a proxy setting for all apps. On the other side, the OS already maintains several network settings like WiFi access data. This often already contains proxy settings.

> These issues have come up consistently when we’ve discussed discovery in the past.
>
> Right now, the “default” answer for discovery is an intercepting proxy. That’s a layer violation (which makes many people sad, including HTTP people because it’s difficult to disambiguate between the proxy and the origin), but it has *better* security properties than e.g., WPAD, because it isn’t trusted more than the network itself, and it’s harder to spoof.
>
> Any solution which automatically inserts an intermediary (with or without user interaction) is going to see a fair amount of scrutiny and pushback, I think, because it’s introducing a new attack vector.
>
> So far, the most promising direction for this that I’ve heard seems to be having a whitelist of authorities which the browser is willing to trust advertisements from, and then requiring cryptographic proof before trusting such an advertisement. How that whitelist gets populated, however, would likely be contentious (and may not even be suitable for standardisation).

The advertisement can probably extend the whitelist. When a proxy provider is encountered first it can be accepted, denied or ignored by the user. The proxy is only used when accepted by the user, and any decision is remembered so that it isn't necessary to ask again every time you check in to your train, plane or hotel.

> At any rate, we’ll have time for discussion in HNL; should be interesting.

Have fun in Honolulu, hope you will get your beer.

> Cheers,
>
>
> --
> Mark Nottingham http://www.mnot.net/
>
>

Regards,
Roland

Received on Tuesday, 4 November 2014 10:58:25 UTC