- From: Alex Rousskov <rousskov@measurement-factory.com>
- Date: Wed, 15 Feb 2017 14:14:12 -0700
- To: HTTP working group mailing list <ietf-http-wg@w3.org>
- Cc: Ryan Hamilton <rch@google.com>
On 02/15/2017 01:24 PM, Ryan Hamilton wrote:

> Chrome supports speaking to an HTTP proxy via TLS. However, that's not
> sufficient to display error pages in response to connect requests.

UI problems aside, it is sufficient -- the level of trust towards an HTTPS proxy is the same as the level of trust towards an HTTPS origin server because both destinations are (or can be) validated using the same set of trust mechanisms. Chrome (among other browsers) just does not want to solve the UI problems associated with handling two trusted but different sources of information.

> the UI presented should either be:
>
> * Actual content from the server which has been end-to-end authenticated via a TLS connection to the origin.
> * Browser UI

This is a false dichotomy IMO. Just because a browser currently lacks a third UI does not mean that such UI cannot be added. The HTTPS proxy has been end-to-end authenticated via an end-to-end TLS connection just like the origin server would have been. There is no difference there.

The only difference is the lack of a distinct-enough UI for proxy-generated content. It is a difficult UI problem, but browsers, given enough motivation, have solved plenty of difficult UI problems (or even shipped without good solutions).

Alex.
Received on Wednesday, 15 February 2017 21:14:40 UTC