- From: Albert Lunde <atlunde@panix.com>
- Date: Thu, 02 May 2013 10:17:17 -0500
- To: HTTP Working Group <ietf-http-wg@w3.org>
On 5/2/2013 9:57 AM, Stephen Farrell wrote:
>
>
> On 05/02/2013 03:53 PM, Peter Lepeska wrote:
>> It's no different than today. If you have a root CA installed on the
>> end user's machine, you can MITM the bank. Under this scheme, there
>> will be some proxies that will elect to not MITM traffic from content
>> providers that explicitly opt-out.
>
> Right. All web servers have to trust all the proxies in the universe.
> Seems like a show-stopper to me.
>
>> In general, adding support for an SSL proxy should not decrease the
>> level of security from MITM attacks that we have today. It just allows
>> well-behaving ones to A) not have to forge certificates, B) remove the
>> problem of transitive trust, and C) make content servers aware and give
>> them the ability to opt-out.
>
> Standardising that would IMO seriously decrease the level of
> security we have.

I'd say it's better to trust a known proxy than to be in the typical captive portal situation where the portal in effect forges certificates to make you think everything is wonderful. This is being done widely enough to suggest there is a use case.

What one would like is something that restricts what the proxy can do and identifies the proxy in a reliable way.

The other approach that sometimes works is some kind of VPN, but that may be out of scope...

--
Albert Lunde albert-lunde@northwestern.edu
atlunde@panix.com (address for personal mail)
Received on Thursday, 2 May 2013 15:17:46 UTC