Re: What will incentivize deployment of explicit proxies? from James M Snell on 2013-12-03 (ietf-http-wg@w3.org from October to December 2013)

From: James M Snell <jasnell@gmail.com>
Date: Tue, 3 Dec 2013 14:03:50 -0800
To: Tim Bray <tbray@textuality.com>
Cc: ChanWilliam(陈智昌) <willchan@chromium.org>, Roberto Peon <grmocg@gmail.com>, Nicolas Mailhot <nicolas.mailhot@laposte.net>, Yoav Nir <synp71@live.com>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <CABP7RbeZ-0TWLfhtV1aX=AZXBk8oRRRNqTP=MV06ivcFqUeOsQ@mail.gmail.com>

And yet that's exactly what is done in other contexts all the time. When I
link my android chrome browser to my Google account, for instance, I can
usually expect to be asked to make several security choices...
On Dec 3, 2013 1:57 PM, "Tim Bray" <tbray@textuality.com> wrote:

> William is wrong: He will *definitely* be punished severely if he proposes
> putting security choices in the faces of ordinary humans; no “probably
> expect” about it...
>
>
> On Tue, Dec 3, 2013 at 10:53 AM, William Chan (陈智昌) <willchan@chromium.org
> > wrote:
>
>> On Tue, Dec 3, 2013 at 5:36 AM, Yoav Nir <synp71@live.com> wrote:
>>
>>> I like this discovery process. It's all in HTTP. The only downside is
>>> that it requires plaintext HTTP to work. I'm assuming that
>>> http://awebsite.com should not be the real site that the user is trying
>>> to view, but some specific site that the browser vendor keeps available
>>> just for testing for proxies with HTTP. You can't use the site that the
>>> user used, because that might be HTTPS.
>>>
>>> You will get pushback on #5, though.
>>>
>>>
>>> On 3/12/13 3:16 PM, Nicolas Mailhot wrote:
>>>
>>>> Le Mar 3 décembre 2013 12:24, Yoav Nir a écrit :
>>>>
>>>>
>>>> 5. Prompt the user:
>>>>
>>>> Accept using gateway-name to access http://awebsite.com/ and other web
>>>> sites in ingoing-http2-mode ?
>>>>
>>>> [check reformatted access rules] [see help page] [see certificate]
>>>>
>>>>    [ ] Prompt for other web sites and security modes
>>>>    ( ) only for this session ( ) all the time
>>>>    (*) only from here        ( ) everywhere
>>>>                                           [Yes] [No]
>>>>
>>>>
>>>>  My mother would call me if she got that. My daughter would quickly
>>> learn that clicking "Yes" after unchecking the "Prompt" box and selecting
>>> "everywhere" makes the prompt go away and not come back. IOW it would make
>>> the Internet work.
>>>
>>
>> <pushback>
>> I can probably expect to be tarred and feathered by my security team if I
>> tell them we need to put up a UI asking the end user to make a decision
>> about security :)
>> </pushback>
>>
>>
>>> Yoav
>>>
>>> (or my mother could call my daughter and get her advice...)
>>>
>>>
>>>
>>>
>>
>

Received on Tuesday, 3 December 2013 22:04:18 UTC