Re: Yet another trusted proxy suggestion

On 26/11/13 2:34 PM, Roland Zink wrote:
> Step #3
>> =======
>> The browser sends a CONNECT command to the proxy (maybe that has to 
>> be enhanced as well?) to connect to The 
>> proxy tries to connect, and then either of two things happens:
>>  1. has a certificate for - that 
>> is what we do today.
>>  2. has a certificate for, and issues 
>> a "mandatory proxy" alert with its name.
>> In the former case, things will work as today. In the latter case, 
>> I'm not sure how the proxy (or browser for that matter) can know that 
>> is a trusted proxy for Having the 
>> private key is a good indication, but I think we want to get away 
>> from that.
>> Either way, the connection is established
> Is the Connect like in HTTP/1.1 the CONNECT method opening a TLS 
> connection from the client to the CDN (TCP from proxy to CDN)? Or is 
> this only opening a TLS connection from the proxy to the CDN? I'm 
> assuming it is the latter

I don't think a "trusted proxy" would allow us to just tunnel TLS, so 
it's a different thing. It tells the proxy to open the connection 
onwards. Could be a new method or a special frame.


Received on Tuesday, 26 November 2013 12:50:03 UTC