Re: Explicit Proxy (draft-rpeon-httpbis-exproxy) from Roberto Peon on 2012-07-13 (ietf-http-wg@w3.org from July to September 2012)

From: Roberto Peon <grmocg@gmail.com>
Date: Fri, 13 Jul 2012 09:47:16 -0700
To: Chad Goss <chgoss@gmail.com>
Cc: ietf-http-wg@w3.org
Message-ID: <CAP+FsNdGbx-b_xSpyXOuNw6XOdN1OVU1eTZZQX37sdLhWwnWdw@mail.gmail.com>

On Jul 13, 2012 9:03 AM, "Chad Goss" <chgoss@gmail.com> wrote:
>
> Hi,
> I have read the draft, the primary question I had was what is the
mechanism to transfer the decryption key material from user-agent to
configured-proxy in a secure, authenticated and trusted manner immediately
after tunnel establishment, and how are you going to do that prior to any
traffic traversing the tunnel?

The draft is light on those details, to say the least. We'd have to define
a field (of a headers frame ) or frame that transported that information.
Since the client is configured to do this, it knows to emit that frame as
soon as the TLS tunnel has been established.

-=R

>
> thanks
> -chad
On Jul 13, 2012 9:03 AM, "Chad Goss" <chgoss@gmail.com> wrote:

> Hi,
> I have read the draft, the primary question I had was what is the
> mechanism to transfer the decryption key material from user-agent to
> configured-proxy in a secure, authenticated and trusted manner immediately
> after tunnel establishment, and how are you going to do that prior to any
> traffic traversing the tunnel?
>
> thanks
> -chad
>
>

Received on Friday, 13 July 2012 16:47:44 UTC