Re: What will incentivize deployment of explicit proxies? from James M Snell on 2013-12-04 (ietf-http-wg@w3.org from October to December 2013)

From: James M Snell <jasnell@gmail.com>
Date: Tue, 3 Dec 2013 17:31:19 -0800
To: Yoav Nir <synp71@live.com>
Cc: Tim Bray <tbray@textuality.com>, ChanWilliam(陈智昌) <willchan@chromium.org>, Roberto Peon <grmocg@gmail.com>, Nicolas Mailhot <nicolas.mailhot@laposte.net>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <CABP7Rbe6p5QXqerYOWgbEArJT_Se5a5qk98oeXHs6BxjmkNY2A@mail.gmail.com>

On Tue, Dec 3, 2013 at 2:37 PM, Yoav Nir <synp71@live.com> wrote:
> The fact that everyone does it does not mean it's a good thing or that we
> should do it more.

Agreed. My point was not to argue that it was a good thing as much as
it was to point out that the UX is not something we need to solve
here, at least not right away... Beating the "perfect is the enemy of
good" drum once again.. perhaps for the time being putting some
security decisions into the hands of users is acceptable, at least
until the UX folks figure out a better way.

- James

>
> But the fact is that I don't see how we can avoid leaving it to the user.
> When designing a protocol or a browser, we have no idea if the user is going
> to be working for example.com (making sslproxy.example.com acceptable), or
> not. We also don't have a good concept of "location", which would allow us
> to know if the browser is currently located on a network at the example.com
> offices. We also don't know whether IdaratAlAmnAlSiyasi.gov.sy is acceptable
> or not. They're hard choices, but only the user can make them.
>
> It might be prudent to sacrifice expediency and block all access through
> unrecognized proxies. Adding an explicit proxy would then have to be done
> through a different UI, not a prompt that surprises a user who is trying to
> do something. If, as Adrien says, this is something that only happens once
> (when you get a new device or when the workplace installs a proxy) then
> configuring this once is likely OK. If these things start popping up in
> coffee shops, hotels, and your ISP connection, then we'll need something
> else.
>
> Yoav
>
>
>
> On 4/12/13 12:03 AM, James M Snell wrote:
>>
>>
>> And yet that's exactly what is done in other contexts all the time. When I
>> link my android chrome browser to my Google account, for instance, I can
>> usually expect to be asked to make several security choices...
>>
>> On Dec 3, 2013 1:57 PM, "Tim Bray" <tbray@textuality.com
>> <mailto:tbray@textuality.com>> wrote:
>>
>>     William is wrong: He will *definitely* be punished severely if he
>>     proposes putting security choices in the faces of ordinary humans;
>>     no “probably expect” about it...
>>
>>
>>     On Tue, Dec 3, 2013 at 10:53 AM, William Chan (陈智昌)
>>     <willchan@chromium.org <mailto:willchan@chromium.org>> wrote:
>>
>>         On Tue, Dec 3, 2013 at 5:36 AM, Yoav Nir <synp71@live.com
>>         <mailto:synp71@live.com>> wrote:
>>
>>             I like this discovery process. It's all in HTTP. The only
>>             downside is that it requires plaintext HTTP to work. I'm
>>             assuming that http://awebsite.com should not be the real
>>             site that the user is trying to view, but some specific
>>             site that the browser vendor keeps available just for
>>             testing for proxies with HTTP. You can't use the site that
>>             the user used, because that might be HTTPS.
>>
>>             You will get pushback on #5, though.
>>
>>
>>             On 3/12/13 3:16 PM, Nicolas Mailhot wrote:
>>
>>                 Le Mar 3 décembre 2013 12:24, Yoav Nir a écrit :
>>
>>
>>                 5. Prompt the user:
>>
>>                 Accept using gateway-name to access
>>                 http://awebsite.com/ and other web
>>                 sites in ingoing-http2-mode ?
>>
>>                 [check reformatted access rules] [see help page] [see
>>                 certificate]
>>
>>                    [ ] Prompt for other web sites and security modes
>>                    ( ) only for this session ( ) all the time
>>                    (*) only from here        ( ) everywhere
>>                   [Yes] [No]
>>
>>
>>             My mother would call me if she got that. My daughter would
>>             quickly learn that clicking "Yes" after unchecking the
>>             "Prompt" box and selecting "everywhere" makes the prompt
>>             go away and not come back. IOW it would make the Internet
>>             work.
>>
>>
>>         <pushback>
>>         I can probably expect to be tarred and feathered by my
>>         security team if I tell them we need to put up a UI asking the
>>         end user to make a decision about security :)
>>         </pushback>
>>
>>
>>             Yoav
>>
>>             (or my mother could call my daughter and get her advice...)
>>
>>
>>
>>
>>
>
>

Received on Wednesday, 4 December 2013 01:32:07 UTC