- From: Mark Nottingham <mnot@mnot.net>
- Date: Wed, 20 Nov 2013 13:07:46 +1100
- To: Willy Tarreau <w@1wt.eu>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>, Roy Fielding <fielding@gbiv.com>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, Poul-Henning Kamp <phk@phk.freebsd.dk>, Mike Belshe <mike@belshe.com>

Hi Willy,

On 20/11/2013, at 12:41 PM, Willy Tarreau <w@1wt.eu> wrote:

>
> So let's loop back to one of the very old points about tls+auth for
> proxies. This will significantly improve the ability to use anonymisers
> and to use them safely. Without even the SNI or destination address
> being useful (right now the SNI is carried over clear text even
> through proxies).
>
> That way we can have end users safely connect to well known anonymisers
> without anyone being able to get anything from that conversation, to
> the same extents as what the pro-TLS guys expect from full TLS to
> servers.
>
> I know it has been discussed many times in the past, but let's bring
> that again on the table so that "people don't die anymore". Secure,
> trusted proxies are *the* solution to solve the privacy issues that
> make some people insist so much on having TLS. Let's just have it
> towards the right place.

Explicit proxy is tracked here: <https://github.com/http2/http2-spec/issues/316>. I've heard a significant amount of interest in this, especially at and after Vancouver, and think we'll see more proposals soon.

Cheers,

--
Mark Nottingham   http://www.mnot.net/

Received on Wednesday, 20 November 2013 02:08:09 UTC