Explicit Proxy [was: A proposal]

Hi Willy,

On 20/11/2013, at 12:41 PM, Willy Tarreau <w@1wt.eu> wrote:
> So let's loop back to one of the very old points about tls+auth for
> proxies. This will significantly improve the ability to use anonymisers
> and to use them safely. Without even the SNI or destination address
> being useful (right now the SNI is carried over clear text even
> through proxies).
> That way we can have end users safely connect to well known anonymisers
> without anyone being able to get anything from that conversation, to
> the same extent as what the pro-TLS guys expect from full TLS to
> servers.
> I know it has been discussed many times in the past, but let's bring
> that again on the table so that "people don't die anymore". Secure,
> trusted proxies are *the* solution to solve the privacy issues that
> make some people insist so much on having TLS. Let's just have it
> towards the right place.

Explicit proxy is tracked here: <https://github.com/http2/http2-spec/issues/316>.

I've heard a significant amount of interest in this, especially at and after Vancouver, and think we'll see more proposals soon.


Mark Nottingham   http://www.mnot.net/

Received on Wednesday, 20 November 2013 02:08:09 UTC