- From: Salvatore Loreto <salvatore.loreto@ericsson.com>
- Date: Tue, 24 Jul 2012 10:43:30 +0200
- To: HTTP Working Group <ietf-http-wg@w3.org>
Received on Tuesday, 24 July 2012 08:44:01 UTC
Hi Robert and all,
let me start to say that IMO the requirements listed in section 4 should
be meet by
2.0 no matter how the discussion on Mandatory TLS ends.
My biggest concern with the draft is that it seems not to be thought for
mobile terminals;
for a cellular roaming (abroad) among different telecom operators
the fact (as stated in section 4) that a UA/Browser knows in advance the
existence of proxy is a little to restrictive,
Only proxies which are known to and configured by the user
should be allowed to intercept communications between the user
and the content-provider.
however I agree that the UA/Browser MUST become aware of the fact there
is a proxy in between.
Moreover I am not sure that is a good idea to "provide the decryption
key material" to the trusted proxy of each
network my mobile will use while I travel around the world.
cheers
Sal
--
Salvatore Loreto, PhD
www.sloreto.com
Received on Tuesday, 24 July 2012 08:44:01 UTC