I wrote up some high-level concepts around this in 2011 which may be of
interest:
https://www.belshe.com/2011/11/17/spdy-of-the-future-might-blow-your-mind-today/
I think these are still relevant.
Mike
On Tue, Nov 19, 2013 at 6:07 PM, Mark Nottingham <mnot@mnot.net> wrote:
> Hi Willy,
>
> On 20/11/2013, at 12:41 PM, Willy Tarreau <w@1wt.eu> wrote:
> >
> > So let's loop back to one of the very old points about tls+auth for
> > proxies. This will significantly improve the ability to use anonymisers
> > and to use them safely. Without even the SNI or destination address
> > being useful (right now the SNI is carried over clear text even
> > through proxies).
> >
> > That way we can have end users safely connect to well known anonymisers
> > without anyone being able to get anything from that conversation, to
> > the same extent as what the pro-TLS guys expect from full TLS to
> > servers.
> >
> > I know it has been discussed many times in the past, but let's bring
> > that again on the table so that "people don't die anymore". Secure,
> > trusted proxies are *the* solution to solve the privacy issues that
> > make some people insist so much on having TLS. Let's just have it
> > towards the right place.
>
>
> Explicit proxy is tracked here:
> <https://github.com/http2/http2-spec/issues/316>.
>
> I've heard a significant amount of interest in this, especially at and
> after Vancouver, and think we'll see more proposals soon.
>
> Cheers,
>
>
> --
> Mark Nottingham http://www.mnot.net/