Re: What will incentivize deployment of explicit proxies? from Yoav Nir on 2013-12-03 (ietf-http-wg@w3.org from October to December 2013)

From: Yoav Nir <synp71@live.com>
Date: Tue, 3 Dec 2013 13:47:20 +0200
To: "William Chan (陈智昌)" <willchan@chromium.org>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <BLU0-SMTP471949D64F631396FFC20F6B1D50@phx.gbl>

On 3/12/13 9:37 AM, William Chan (陈智昌) wrote:
>
> Now, as far case (2), if the proxy operators can already deploy their 
> MITM certs on client devices, then they already own those devices. 
> This sounds like enterprise computing devices or schools or prisons or 
> what not. Now, if they already own the devices on this network, what 
> incentive do they have to adopt explicit proxies? It sounds like they 
> would just lose power. Is there a carrot here? SSL MITM proxies are 
> already transparent to the client and origin server, so I don't see 
> what leverage either entity has here.
>
As a vendor of such solutions, I'll share with you the #1 complaint we 
get from customers: the green EV indication is gone. It's very likely 
that administrators are more concerned about EV than their users, but as 
it is, not letting the browser see the real server certificate is 
definitely not a good thing.

Yoav

Attachments

application/pkcs7-signature attachment: S/MIME Cryptographic Signature

Received on Tuesday, 3 December 2013 11:47:49 UTC