- From: Willy Tarreau <w@1wt.eu>
- Date: Fri, 6 Apr 2012 23:14:24 +0200
- To: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Cc: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Roberto Peon <grmocg@gmail.com>, Nicolas Mailhot <nicolas.mailhot@laposte.net>, ietf-http-wg@w3.org
On Fri, Apr 06, 2012 at 08:48:54PM +0000, Poul-Henning Kamp wrote: > In message <4F7F53B7.20103@cs.tcd.ie>, Stephen Farrell writes: > > >On 04/06/2012 09:29 PM, Roberto Peon wrote: > >> doesn't breach the user's > >> trust without the user's knowledge. > > > >Ideas for how to do that welcome;-) > > If we amend the proxy protocol as several has proposed, the endpoint > of trust for the user will be the proxy. > > What happens after that point is entirely opaque to the user, and > it will have to be left to the user to decide if the proxy is > trustworthy. In my opinion we should let the user decide between GET https:// and CONNECT. That solves all issues because admins can let just a short whitelist run on CONNECT, with the rest being analyzed. Willy
Received on Friday, 6 April 2012 21:14:54 UTC