Re: Yet another trusted proxy suggestion

On Fri, Nov 29, 2013 at 1:45 AM, Nicolas Mailhot <> wrote:

> So unless a bank representative states the contrary, all my technical
> experience screams its a non-problem.

+1. Stephen's response (that a bank can't currently know if there is a TLS
proxy in HTTP/1.1) ignores what Yoav said, which is that such a bank could
detect that by forcing client auth. Of course they won't do that, but they
of course also won't have to because then they would be forced to not have
internet banking.

Stephen: if you have a real regulation and legal interpretation that we can
look at, we can look at that. "What if someone interprets a law in the way
I want them to because I don't like TLS proxies..." is not a useful

Received on Saturday, 30 November 2013 15:54:48 UTC