William is wrong: He will *definitely* be punished severely if he proposes putting security choices in the faces of ordinary humans; no “probably expect” about it... On Tue, Dec 3, 2013 at 10:53 AM, William Chan (陈智昌) <willchan@chromium.org>wrote: > On Tue, Dec 3, 2013 at 5:36 AM, Yoav Nir <synp71@live.com> wrote: > >> I like this discovery process. It's all in HTTP. The only downside is >> that it requires plaintext HTTP to work. I'm assuming that >> http://awebsite.com should not be the real site that the user is trying >> to view, but some specific site that the browser vendor keeps available >> just for testing for proxies with HTTP. You can't use the site that the >> user used, because that might be HTTPS. >> >> You will get pushback on #5, though. >> >> >> On 3/12/13 3:16 PM, Nicolas Mailhot wrote: >> >>> Le Mar 3 décembre 2013 12:24, Yoav Nir a écrit : >>> >>> >>> 5. Prompt the user: >>> >>> Accept using gateway-name to access http://awebsite.com/ and other web >>> sites in ingoing-http2-mode ? >>> >>> [check reformatted access rules] [see help page] [see certificate] >>> >>> [ ] Prompt for other web sites and security modes >>> ( ) only for this session ( ) all the time >>> (*) only from here ( ) everywhere >>> [Yes] [No] >>> >>> >>> My mother would call me if she got that. My daughter would quickly >> learn that clicking "Yes" after unchecking the "Prompt" box and selecting >> "everywhere" makes the prompt go away and not come back. IOW it would make >> the Internet work. >> > > <pushback> > I can probably expect to be tarred and feathered by my security team if I > tell them we need to put up a UI asking the end user to make a decision > about security :) > </pushback> > > >> Yoav >> >> (or my mother could call my daughter and get her advice...) >> >> >> >> >
Received on Tuesday, 3 December 2013 21:55:45 UTC