W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: What will incentivize deployment of explicit proxies?

From: 陈智昌 <willchan@chromium.org>
Date: Tue, 3 Dec 2013 03:37:22 -0800
Message-ID: <CAA4WUYh5SMHYttgh8+iG6XG0T+LNoy0u6purHyHpscAHq5hp3g@mail.gmail.com>
To: Nicolas Mailhot <nicolas.mailhot@laposte.net>
Cc: Roberto Peon <grmocg@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>
On Tue, Dec 3, 2013 at 2:02 AM, Nicolas Mailhot <nicolas.mailhot@laposte.net
> wrote:

> Le Mar 3 décembre 2013 09:09, William Chan (陈智昌) a écrit :
> > I agree using personal devices would likely cause headaches. But you're
> > not
> > saying explicit proxies solves this somehow, do you? If so, I missed it.
> Explicit auto-configured proxies allow plugging in devices which have not
> been mastered by the IT department. They don't require the user to hunt
> for the MITM certificate, or the pacfile that enables external
> communication on corporate premises.

I think I've heard people reference this auto-configuration stuff, but I
haven't seen any concrete proposals around it. Did I miss it? I'd like to
see one. The main thing I don't understand about something like this is,
auto-configuration seems to imply that the user doesn't have to configure
anything. In that case, where does the user indicate that it's OK to
"trust" this proxy and let it examine the HTTPS traffic? Because I can't
imagine browsers defaulting to allowing HTTPS traffic to being examined by
intermediaries in the network. Does that seem unreasonable?

> --
> Nicolas Mailhot
Received on Tuesday, 3 December 2013 11:37:50 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:20 UTC