Re: Yet another trusted proxy suggestion

Step #3
> =======
> The browser sends a CONNECT command to the proxy (maybe that has to be 
> enhanced as well?) to connect to The proxy 
> tries to connect, and then either of two things happens:
>  1. has a certificate for - that is 
> what we do today.
>  2. has a certificate for, and issues 
> a "mandatory proxy" alert with its name.
> In the former case, things will work as today. In the latter case, I'm 
> not sure how the proxy (or browser for that matter) can know that 
> is a trusted proxy for Having the 
> private key is a good indication, but I think we want to get away from 
> that.
> Either way, the connection is established
Is the Connect like in HTTP/1.1 the CONNECT method opening a TLS 
connection from the client to the CDN (TCP from proxy to CDN)? Or is 
this only opening a TLS connection from the proxy to the CDN? I'm 
assuming it is the latter.

Received on Tuesday, 26 November 2013 12:34:43 UTC