- From: Nicolas Mailhot <nicolas.mailhot@laposte.net>
- Date: Tue, 26 Nov 2013 11:19:53 +0100
- To: "Amos Jeffries" <squid3@treenet.co.nz>
- Cc: ietf-http-wg@w3.org

On Tue, 26 November 2013 07:05, Amos Jeffries wrote:
> On 26/11/2013 1:55 p.m., Roberto Peon wrote:
>> Here is the GOALS section from:
>> http://tools.ietf.org/html/draft-vidya-httpbis-explicit-proxy-ps-00.
>> I do think breaking down the conversation in this way is interesting.
>>
>> 6.2
>> <http://tools.ietf.org/html/draft-vidya-httpbis-explicit-proxy-ps-00#section-6.2>.
>> Goals
>>
>> These are the goals of a solution aimed at making proxying explicit
>> in HTTP.
>>
>> o In the presence of a proxy, users' communications SHOULD at least
>> use a channel that is point-to-point encrypted.
>>
>> o Users MUST be able to opt-out of communicating sensitive
>> information over a channel which is not end-to-end private.
>>
>
> I think this is partially wrong.
>
> It would be far better to give the client some guarantee of end-to-end
> confidentiality and/or non-transformation before it opts-in to sending
> private details.
> Signing or encrypting the particular details using a shared secret
> arranged via mandatory out-of-band means with the origin server would be
> acceptable.

IMHO any way you look at it, trust in a hop-by-hop world requires defining what parts of the message constitute the payload and should never be modified, and then adding a sender signature to it (if the payload is not already 100% encrypted).

I don't think anyone cares which of the intermediaries modified the payload if the signature does not match.

--
Nicolas Mailhot

Received on Tuesday, 26 November 2013 10:20:28 UTC
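
The approach discussed in this message (decide which parts of the message are payload, then sign them with a secret shared out of band with the origin), as an added example that is not part of the original thread. The protected-header list, key, host names and function names are assumptions made for illustration, and HMAC-SHA256 stands in for the signature scheme, which the thread does not specify.

```python
import hashlib
import hmac

# Assumption: which parts count as end-to-end payload is a policy choice made
# here for illustration; the thread does not fix a list.
PROTECTED_HEADERS = ("host", "content-type")

def canonical_payload(method, target, headers, body):
    """Serialise only the parts that no intermediary may change."""
    lowered = {k.lower(): " ".join(v.split()) for k, v in headers.items()}
    parts = [method.upper().encode(), target.encode()]
    for name in PROTECTED_HEADERS:
        parts.append(f"{name}:{lowered.get(name, '')}".encode())
    parts.append(hashlib.sha256(body).digest())
    # Length-prefix every field so field boundaries cannot be shifted.
    return b"".join(len(p).to_bytes(4, "big") + p for p in parts)

def sign(key, method, target, headers, body):
    msg = canonical_payload(method, target, headers, body)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def verify(key, method, target, headers, body, signature):
    expected = sign(key, method, target, headers, body)
    return hmac.compare_digest(expected, signature)  # constant-time compare

def demo():
    key = b"constructed-shared-secret"  # constructed; arranged out of band
    headers = {"Host": "origin.example", "Content-Type": "application/json"}
    body = b'{"account": "12345"}'
    sig = sign(key, "POST", "/transfer", headers, body)

    # A proxy adds a Via header: outside the protected set, so it still verifies.
    via_proxy = dict(headers, Via="1.1 proxy.example")
    untouched = verify(key, "POST", "/transfer", via_proxy, body, sig)

    # Some intermediary rewrites the body: verification fails, and the
    # receiver does not need to know which hop did it.
    rewritten = verify(key, "POST", "/transfer", via_proxy,
                       b'{"account": "99999"}', sig)
    return untouched, rewritten

if __name__ == "__main__":
    print(demo())
```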