- From: Salvatore Loreto <salvatore.loreto@ericsson.com>
- Date: Tue, 24 Jul 2012 10:43:30 +0200
- To: HTTP Working Group <ietf-http-wg@w3.org>
Received on Tuesday, 24 July 2012 08:44:01 UTC
Hi Robert and all, let me start to say that IMO the requirements listed in section 4 should be meet by 2.0 no matter how the discussion on Mandatory TLS ends. My biggest concern with the draft is that it seems not to be thought for mobile terminals; for a cellular roaming (abroad) among different telecom operators the fact (as stated in section 4) that a UA/Browser knows in advance the existence of proxy is a little to restrictive, Only proxies which are known to and configured by the user should be allowed to intercept communications between the user and the content-provider. however I agree that the UA/Browser MUST become aware of the fact there is a proxy in between. Moreover I am not sure that is a good idea to "provide the decryption key material" to the trusted proxy of each network my mobile will use while I travel around the world. cheers Sal -- Salvatore Loreto, PhD www.sloreto.com
Received on Tuesday, 24 July 2012 08:44:01 UTC