Re: Trusting proxies (was Re: I revised the pro/contra document)

Le Mar 26 novembre 2013 07:05, Amos Jeffries a écrit :
> On 26/11/2013 1:55 p.m., Roberto Peon wrote:
>> Here is the GOALS section from:
>> I do think breaking down the conversation in this way is interesting.
>> 6.2
>> <>.
>>  Goals
>>    These are the goals of a solution aimed at making proxying explicit
>>    in HTTP.
>>    o  In the presence of a proxy, users' communications SHOULD at least
>>       use a channel that is point-to-point encrypted.
>>    o  Users MUST be able to opt-out of communicating sensitive
>>       information over a channel which is not end-to-end private.
> I think this is partially wrong.
> It would be far better to give the client some guarantee of end-to-end
> confidentiality and/or non-transformation before it opts-in to sending
> private details.
> Signing or encrypting the particular details using a shared secret
> arranged via mandatory out-of-band means with the origin server would be
> acceptible.

IMHO any way you look at it trust in a hop-by-hop world requires defining
what parts of the message constitutes the payload and should never be
modified, and then add a sender signature to it (if the payload is not
already 100% crypted)

I don't think anyone cares which of the intermediaries modified the
payload if the signature does not match

Nicolas Mailhot

Received on Tuesday, 26 November 2013 10:20:28 UTC