- From: Roland Zink <roland@zinks.de>
- Date: Tue, 26 Nov 2013 13:34:17 +0100
- To: ietf-http-wg@w3.org
Step #3 > ======= > The browser sends a CONNECT command to the proxy (maybe that has to be > enhanced as well?) to connect to https://download.adobe.com. The proxy > tries to connect, and then either of two things happens: > 1. a1953.d.cdn.net has a certificate for download.adobe.com - that is > what we do today. > 2. a1953.d.cdn.net has a certificate for a1953.d.cdn.net, and issues > a "mandatory proxy" alert with its name. > In the former case, things will work as today. In the latter case, I'm > not sure how the proxy (or browser for that matter) can know that > a1953.d.cdn.net is a trusted proxy for download.adobe.com. Having the > private key is a good indication, but I think we want to get away from > that. > Either way, the connection is established > Is the Connect like in HTTP/1.1 the CONNECT method opening a TLS connection from the client to the CDN (TCP from proxy to CDN)? Or is this only opening a TLS connection from the proxy to the CDN? I'm assuming it is the latter.
Received on Tuesday, 26 November 2013 12:34:43 UTC