- From: Eliot Lear <lear@cisco.com>
- Date: Thu, 28 Nov 2013 10:28:22 +0100
- To: Yoav Nir <synp71@live.com>, Martin Thomson <martin.thomson@gmail.com>, Adrien de Croy <adrien@qbik.com>
- CC: HTTP Group <ietf-http-wg@w3.org>
On 11/26/13 10:40 PM, Yoav Nir wrote:
>
> For this we have the luxury of being able to be unambiguous: "The
> network has an HTTPS monitor called sslproxy.example.com that will
> decrypt all HTTPS traffic. Any passwords, credit card numbers and
> personal information will be visible to this proxy. Click <a
> href="https://sslproxy.example.com/.well-known/proxy-terms-of-use.html">here</a>
> to learn more about this proxy.". It's tempting to add a "Trust this
> proxy" button there, or Firefox's "I understand the risks" (no, you
> don't). But I guess training users to click this button is bad
> practice. Better to give them instructions about how to configure
> their particular browser to trust this proxy through menus or
> about:config.
>
> But regardless, a visual indication of the existence of the proxy is a
> benefit that we're missing with the MitM we have today. We could have
> warnings before typing in password fields or fields marked as credit
> card number.

When Mark did his proxy draft, what I was kicking around were scaling approaches to what you've written above. What's more, there are often different proxies in path for different purposes. The mechanism has to be both iterative and yet it must not "nag the user". The permission model must be robust to such circumstances, especially in a mobile world.

Eliot
Received on Thursday, 28 November 2013 09:28:57 UTC