Re: breaking TLS (Was: Re: multiplexing -- don't do it)

In message <4F7F53B7.20103@cs.tcd.ie>, Stephen Farrell writes:

>On 04/06/2012 09:29 PM, Roberto Peon wrote:
>> doesn't breach the user's
>> trust without the user's knowledge.
>
>Ideas for how to do that welcome;-)

If we amend the proxy protocol as several have proposed, the endpoint
of trust for the user will be the proxy.

What happens after that point is entirely opaque to the user, and
it will have to be left to the user to decide if the proxy is
trustworthy.

The user's browser can and SHALL inform him if he has privacy as
far as the proxy, but should also make it clear that the privacy
cannot be assured to extend any further.

I'm sure browser-writers can find a color-code for this.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.

Received on Friday, 6 April 2012 20:49:23 UTC