- From: 陈智昌 <willchan@chromium.org>
- Date: Tue, 3 Dec 2013 00:09:25 -0800
- To: Roberto Peon <grmocg@gmail.com>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>
- Message-ID: <CAA4WUYi47c9NhhQF6XedGDKcJE5tdWy9aguDN8nHKoAonL-zdw@mail.gmail.com>
On Tue, Dec 3, 2013 at 12:02 AM, Roberto Peon <grmocg@gmail.com> wrote:
> CDNs, accelerators/caches, traffic-optimizers/traffic-shapers have
> usecases that wouldn't require the browser to give up any confidentiality
> (that the site didn't direct them to do, at least).
>
I'm going to ignore the CDN case, since I don't think they're explicit
proxies from a UA's perspective (unless I'm misunderstanding). How do you
serve cached content without knowing the URL of the resource? Are you
differentiating between object confidentiality and metadata (URL/headers)
confidentiality here? I think these questions apply to the other use cases
you refer to, but am not completely sure.
> For enterprises, the new trend is apparently to allow users to use their
> personal devices. These devices would be outside the normal administrative
> chain and would likely cause headaches.
>
I agree using personal devices would likely cause headaches. But you're not
saying explicit proxies solves this somehow, do you? If so, I missed it.
>
> -=R
>
>
> On Mon, Dec 2, 2013 at 11:37 PM, William Chan (陈智昌) <willchan@chromium.org
> > wrote:
>
>> Pardon me if this is obvious, but it's not immediately obvious to me what
>> will cause people to use explicit proxies instead of MITM proxies? Who is
>> going to deploy them? The 2 cases I can think of are:
>>
>> (1) People who are using HTTP interception ("transparent") proxies
>> (2) People who are already using SSL MITM proxies
>>
>> In case (1), it appears to me that proxy operators may want explicit
>> proxies, because theoretically those interception proxies provide vital
>> functionality that they don't want to lose if more things go over HTTPS.
>> Because if not, their alternative is to use a SSL MITM proxy, which
>> requires them to own the client devices so they can administratively
>> install additional root certificates. This bears a high cost, both in
>> perceived privacy impact and in requiring administrative maintenance. By
>> this description, I suspect this group probably consists of network
>> operators, like mobile network operators or ISPs or what not. I suspect
>> it's very costly for them to have to administrate customer devices.
>>
>> But I don't see what an explicit proxy will help with here. Is the
>> requirement that there be a way to automagically configure the explicit
>> proxy *and* default to giving up one or more of the confidentiality,
>> integrity, and authentication guarantees normally provided by TLS? I can't
>> see a browser defaulting into letting automatically letting an explicit
>> proxy MITM them. Will it just be opt-in (which, given how much browser
>> vendors "love" presenting UI to end users, is also controversial...)? If
>> so, is that good enough for whoever is deploying these proxies? I have to
>> imagine that's very unsatisfactory for them. What's the vision here?
>>
>> Now, as far case (2), if the proxy operators can already deploy their
>> MITM certs on client devices, then they already own those devices. This
>> sounds like enterprise computing devices or schools or prisons or what not.
>> Now, if they already own the devices on this network, what incentive do
>> they have to adopt explicit proxies? It sounds like they would just lose
>> power. Is there a carrot here? SSL MITM proxies are already transparent to
>> the client and origin server, so I don't see what leverage either entity
>> has here.
>>
>> Would love to hear peoples' thoughts here.
>>
>
>
Received on Tuesday, 3 December 2013 08:09:52 UTC