Re: multiplexing -- don't do it from 陈智昌 on 2012-04-02 (ietf-http-wg@w3.org from April to June 2012)

From: 陈智昌 <willchan@chromium.org>
Date: Tue, 3 Apr 2012 01:55:24 +0200
To: Amos Jeffries <squid3@treenet.co.nz>
Cc: Mike Belshe <mike@belshe.com>, ietf-http-wg@w3.org
Message-ID: <CAA4WUYjriOTCMn-GknsU=FtH2UWNJ0EZGYQoTDghxfzw0+JF7A@mail.gmail.com>

On Tue, Apr 3, 2012 at 1:47 AM, Amos Jeffries <squid3@treenet.co.nz> wrote:

> On 03.04.2012 10:36, Mike Belshe wrote:
>
>> On Mon, Apr 2, 2012 at 3:28 PM, Adrien W. de Croy wrote:
>>
>>
>>> ------ Original Message ------
>>> From: "Roberto Peon"
>>>
>>> I don't trust proxies... hopefully that is apparent, but I'm asking for
>>> explicit support for them and attempting to deny support for non explicit
>>> proxies.
>>>
>>> I don't have a problem with proxy usage moving to explicit only.  We've
>>> been trying to get customers to move in that direction for years.
>>>
>>> Customers do like using interception though.  Educating them costs money.
>>> Not providing the feature would cost us sales, until we could get
>>> commitment from every other vendor to deprecate the feature.
>>>
>>> if 2.0 can fix this by providing a path forward which doesn't allow it,
>>> then everyone will be in the same boat, which is fine with me.
>>>
>>>
>> If we got SSL interception to work with trusted proxies, it would be a
>> huge
>> feature to a lot of corporate sites. Not having to roll out SSL MITM is
>> really valuable to them.
>>
>> I'm 100% sure that Chrome & Firefox would get behind a solution which
>> enforced SSL more often and required browsers to support more features
>> with
>> trusted SSL to proxies.
>>
>
> The 8+ years we have had bugs open against Firefox explaining the
> use-cases, what is needed and even describing potential configuration specs
> say otherwise.
> Instead admin are forced to rollout a Firefox proxy config plugin which
> almost but not quite works, and these days both of them breaks for a few
> weeks out of each month.
>

I can't speak for Firefox (Pat?), but what Mike said definitely applies to
Chrome. We already have HTTPS proxy support. Are there other features you'd
like us to add on this front?


> Me and hundreds of other admin annoyed? yes. Meanwhile we have MITM, and
> countless others don't even bother to voice their opinions about it, just
> jump straight to MITM.
>
> AYJ
>
>

Received on Monday, 2 April 2012 23:55:53 UTC