Explicit Proxies for HTTP/2.0: comments

Hi Robert and all,

let me start to say that IMO the requirements listed in section 4 should 
be meet by
2.0 no matter how the discussion on Mandatory TLS ends.

My biggest concern with the draft is that it seems not to be thought for 
mobile terminals;
for a cellular roaming (abroad) among different telecom operators
the fact (as stated in section 4) that a UA/Browser knows in advance the 
existence of  proxy is a little to restrictive,

          Only proxies which are known to and configured by the user
          should be allowed to intercept communications between the user
          and the content-provider.

however I agree that the UA/Browser MUST become aware of the fact there 
is a proxy in between.

Moreover I am not sure that is a good idea to "provide the decryption 
key material" to the trusted proxy of each
network my mobile will use while I travel around the world.


Salvatore Loreto, PhD

Received on Tuesday, 24 July 2012 08:44:01 UTC