RE: [public-bpwg-comments] <none>

Hi Sean,
I agree with the general wording you propose, with the clarification
that the user's "advice" and related "opt out" may be expressed as a
preference in various ways. It does not have to be an explicit "do you
want to do this at this time" prompt in each case of HTTPS link access,
since that may be too burdensome to users (reducing service usage) or
actually break some services (e.g. those that depend upon automated HTTP
or markup-based redirection).

I had earlier provided comments related to the technical hurdles of HTTPS
link re-writing:
http://lists.w3.org/Archives/Public/public-bpwg-ct/2008Jul/0017.html

Few of those comments appear to have made it into the document.
Nonetheless, the observations are accurate and will need to be addressed
by CT Proxy vendors at least, and in deployment policies by CT Proxy
Operators. An effective user experience will depend upon avoiding
continual prompts.

Best regards,
Bryan Sullivan | AT&T

-----Original Message-----
From: public-bpwg-comments-request@w3.org
[mailto:public-bpwg-comments-request@w3.org] On Behalf Of Sean Owen
Sent: Monday, August 04, 2008 9:05 AM
To: public-bpwg-comments@w3.org
Subject: [public-bpwg-comments] <none>

Comments:

4.1.5.5 Since User-Agent has been the topic of some controversy in
comments, just wanted to voice support for the recommendation as written
here. While it is vital to preserve information about the mobile device,
this does not imply that User-Agent cannot be changed if that
information is otherwise preserved. Preserving the User-Agent through a
transforming proxy is misleading; the request is *not* coming from a
mobile device, but through a proxy. The origin server should be aware of
this.

Editorial:

4.3.6.2 I think the Note here is a good one, but may be worth expanding,
since it is apparently already unclear to some how HTTPS works here. The
very purpose of HTTPS is to ensure that content is not modified or read
by third parties in transit, which means a transforming proxy cannot
jump into an HTTPS conversation between mobile device and origin server.
So there's not actually a question of whether it's illegal or unethical
-- it's simply not possible (unless you have cracked SSL). It can only
create a secure connection between the mobile device and itself, and
between itself and the origin server. This is indeed a situation that
the end user needs to understand:

I suggest wording along these lines, take it or leave it as you see fit
--

URIs which begin with the https scheme, when accessed, are secured
against eavesdropping and modification by third parties by the SSL
protocol. It is therefore not possible for a third-party transforming
proxy to participate directly in such a connection between mobile device
and origin server. Transforming proxies may still transform content of
https resources, but at best, it involves creating a separate secure
connection between device and proxy, and between proxy and origin
server. These communications are secure but the secured content is of
course visible to the transforming proxy. This may of course be
undesirable to an end user.

Therefore if a proxy rewrites https links, replacement links MUST at
least use the https scheme as well, and the proxy MUST use https to
communicate with the origin server. In addition the proxy MUST clearly
advise the user that the potentially sensitive contents of the
communication will be visible to the proxy, and must give the user an
option to opt out.

Received on Monday, 4 August 2008 16:52:33 UTC
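The two MUSTs in Sean's proposed 4.3.6.2 wording (replacement links keep the https scheme; the proxy fetches the origin over https) can be checked mechanically. The following is an added example, not code from the thread or from any CT proxy: it assumes a hypothetical rewriting format `https://<proxy>/fetch?u=<origin-url>` and uses constructed sample markup.

```python
import re
from urllib.parse import urlparse, parse_qs

# Hypothetical proxy host and rewriting format (assumption for this example).
PROXY_HOST = "proxy.example"
HREF_RE = re.compile(r'href="([^"]+)"', re.IGNORECASE)

# Constructed sample: links as served by the origin page.
ORIGINAL_HTML = """
<a href="https://bank.example/login">Login</a>
<a href="http://news.example/">News</a>
<a href="https://shop.example/cart">Cart</a>
<a href="https://mail.example/inbox">Mail</a>
"""
# Constructed sample: the same links after a (badly behaved) proxy rewrote them.
REWRITTEN_HTML = """
<a href="https://proxy.example/fetch?u=https%3A%2F%2Fbank.example%2Flogin">Login</a>
<a href="http://proxy.example/fetch?u=http%3A%2F%2Fnews.example%2F">News</a>
<a href="http://proxy.example/fetch?u=https%3A%2F%2Fshop.example%2Fcart">Cart</a>
<a href="https://proxy.example/fetch?u=http%3A%2F%2Fmail.example%2Finbox">Mail</a>
"""

def extract_links(html):
    """Return href values in document order (simple regex, enough for the sample)."""
    return HREF_RE.findall(html)

def upstream_target(link, proxy_host):
    """Origin URL the proxy would fetch for a rewritten link, or None if the
    link does not point at the proxy (hypothetical ?u= parameter)."""
    p = urlparse(link)
    if p.netloc != proxy_host:
        return None
    return parse_qs(p.query).get("u", [None])[0]

def check_rewriting(original_html, rewritten_html, proxy_host):
    """Pair original and rewritten links; for every original https link check
    1) device<->proxy leg still uses https, 2) proxy<->origin leg uses https.
    Returns a list of (rewritten_link, reason) violations."""
    violations = []
    for orig, new in zip(extract_links(original_html), extract_links(rewritten_html)):
        if urlparse(orig).scheme != "https":
            continue  # only https originals are covered by the MUSTs
        new_scheme = urlparse(new).scheme
        if new_scheme != "https":
            violations.append((new, "replacement link downgraded to " + new_scheme))
        target = upstream_target(new, proxy_host)
        if target is not None and urlparse(target).scheme != "https":
            violations.append((new, "proxy would fetch origin over " + urlparse(target).scheme))
    return violations

if __name__ == "__main__":
    for link, reason in check_rewriting(ORIGINAL_HTML, REWRITTEN_HTML, PROXY_HOST):
        print(reason, "->", link)
```

Running it flags the Cart link (device-to-proxy leg dropped to http) and the Mail link (proxy would contact the origin over plain http); the Login link passes and the News link is ignored because its original was not https.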