Q: Automatic, secure proxy selection

I hope a (simple?) user question is acceptable on this list; apologies if not.

What (if any) IETF/W3C standards exist to complete the following workflow:

- all for client/initiator (e.g., browser)
- Assume some DoH method for DNS lookups
- DNS lookup for www.example.com
- get in reply something like: (?)
    www.example.com trusts the following proxy.com
- Build TLS connection to proxy.com (?)
- Tunnel end-to-end https connection to www.example.com across (?)
    that TLS connection to proxy.com
    Aka: do not want proxy.com to be able to decrypt end-to-end payload.

Aka: I am unclear if there are appropriate DNS RRs to support the
following steps and if/how it is actually possible to have end-to-end
encryption across such an also encrypted proxy connection.

The use-case is obvious: not to have network layer exposure on
the path between client and proxy that the connection is with www.example.com
and on the path between proxy and www.example.com that the connection is for the client.

Thanks!
    Toerless

Received on Monday, 20 July 2020 06:30:30 UTC