On Tue, Dec 3, 2013 at 1:53 PM, William Chan (陈智昌) <willchan@chromium.org> wrote:
>
> <pushback>
> I can probably expect to be tarred and feathered by my security team if I
> tell them we need to put up a UI asking the end user to make a decision
> about security :)
> </pushback>
>
Right. There is probably no way the user can make a meaningful decision
here. Heck - I'm not sure I can make a meaningful decision and I'm
certainly more familiar with the issues than most users. We've just begun
to uncover some of the reasons why.

You make a "trust" delegation to your proxy to do exactly what.. load a
single URL? load just a particular origin? load a page.. (for how long
(scripts!)?).. can different pages use scripts cached with that trust? Can
they use my pre-established cookies? What about mixed content rules? What
about a safe browsing database or a CRL list - Are those still trusted? How
about browser updates or new addons? Should you be prompted separately to
search google.com and log in to chase.com? Is every page a new dialog? Are
we going to categories where you opt-in a category (e.g. search, but not
finance) and then the server gets to decide what kind of data it is instead
of the user? Why is my EV indicator now gone and does that deter server
side folks who want a stable UI to not adopt EV?

And that's all rather beside the point. The information belongs to the user
not to the network even if the network is not obliged to carry it. If the
network would like to be able to more expressively define mechanisms saying
it refuses to carry e2e secured data I would be happy to make use of that..
-P