- From: Willy Tarreau <w@1wt.eu>
- Date: Wed, 20 Nov 2013 02:41:10 +0100
- To: Mark Nottingham <mnot@mnot.net>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>, Roy Fielding <fielding@gbiv.com>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, Poul-Henning Kamp <phk@phk.freebsd.dk>, Mike Belshe <mike@belshe.com>

On Wed, Nov 20, 2013 at 12:25:58PM +1100, Mark Nottingham wrote:
> Gentlemen,
>
> This thread is off-topic for this list, as per
> <http://www.w3.org/mid/21ACB8E5-BC29-4725-8333-7B96E3364AE9@mnot.net>. Please
> focus on proposing text for the spec.

You're perfectly right Mark. And I think that Roy provided a few very very good points. In order to add some privacy, we need to make it easier and safer to use proxies. So let's loop back to one of the very old points about tls+auth for proxies. This will significantly improve the ability to use anonymisers and to use them safely. Without even the SNI or destination address being useful (right now the SNI is carried over clear text even through proxies).

That way we can have end users safely connect to well known anonymisers without anyone being able to get anything from that conversation, to the same extents as what the pro-TLS guys expect from full TLS to servers.

I know it has been discussed many times in the past, but let's bring that again on the table so that "people don't die anymore". Secure, trusted proxies are *the* solution to solve the privacy issues that make some people insist so much on having TLS. Let's just have it towards the right place.

Willy

Received on Wednesday, 20 November 2013 01:41:42 UTC