Re: What will incentivize deployment of explicit proxies?

The fact that everyone does it does not mean it's a good thing or that 
we should do it more.

But the fact is that I don't see how we can avoid leaving it to the 
user. When designing a protocol or a browser, we have no idea if the 
user is going to be working for example.com (making sslproxy.example.com 
acceptable), or not. We also don't have a good concept of "location", 
which would allow us to know if the browser is currently located on a 
network at the example.com offices. We also don't know whether 
IdaratAlAmnAlSiyasi.gov.sy is acceptable or not. They're hard choices, 
but only the user can make them.

It might be prudent to sacrifice expediency and block all access through 
unrecognized proxies. Adding an explicit proxy would then have to be 
done through a different UI, not a prompt that surprises a user who is 
trying to do something. If, as Adrien says, this is something that only 
happens once (when you get a new device or when the workplace installs a 
proxy) then configuring this once is likely OK. If these things start 
popping up in coffee shops, hotels, and your ISP connection, then we'll 
need something else.

Yoav


On 4/12/13 12:03 AM, James M Snell wrote:
>
> And yet that's exactly what is done in other contexts all the time. 
> When I link my android chrome browser to my Google account, for 
> instance, I can usually expect to be asked to make several security 
> choices...
>
> On Dec 3, 2013 1:57 PM, "Tim Bray" <tbray@textuality.com 
> <mailto:tbray@textuality.com>> wrote:
>
>     William is wrong: He will *definitely* be punished severely if he
>     proposes putting security choices in the faces of ordinary humans;
>     no “probably expect” about it...
>
>
>     On Tue, Dec 3, 2013 at 10:53 AM, William Chan (陈智昌)
>     <willchan@chromium.org <mailto:willchan@chromium.org>> wrote:
>
>         On Tue, Dec 3, 2013 at 5:36 AM, Yoav Nir <synp71@live.com
>         <mailto:synp71@live.com>> wrote:
>
>             I like this discovery process. It's all in HTTP. The only
>             downside is that it requires plaintext HTTP to work. I'm
>             assuming that http://awebsite.com should not be the real
>             site that the user is trying to view, but some specific
>             site that the browser vendor keeps available just for
>             testing for proxies with HTTP. You can't use the site that
>             the user used, because that might be HTTPS.
>
>             You will get pushback on #5, though.
>
>
>             On 3/12/13 3:16 PM, Nicolas Mailhot wrote:
>
>                 Le Mar 3 décembre 2013 12:24, Yoav Nir a écrit :
>
>
>                 5. Prompt the user:
>
>                 Accept using gateway-name to access
>                 http://awebsite.com/ and other web
>                 sites in ingoing-http2-mode ?
>
>                 [check reformatted access rules] [see help page] [see
>                 certificate]
>
>                    [ ] Prompt for other web sites and security modes
>                    ( ) only for this session ( ) all the time
>                    (*) only from here        ( ) everywhere
>                   [Yes] [No]
>
>
>             My mother would call me if she got that. My daughter would
>             quickly learn that clicking "Yes" after unchecking the
>             "Prompt" box and selecting "everywhere" makes the prompt
>             go away and not come back. IOW it would make the Internet
>             work.
>
>
>         <pushback>
>         I can probably expect to be tarred and feathered by my
>         security team if I tell them we need to put up a UI asking the
>         end user to make a decision about security :)
>         </pushback>
>
>
>             Yoav
>
>             (or my mother could call my daughter and get her advice...)
>
>
>
>
>