- From: Amos Jeffries <squid3@treenet.co.nz>
- Date: Wed, 04 Dec 2013 16:24:51 +1300
- To: ietf-http-wg@w3.org

On 4/12/2013 2:57 p.m., Peter Lepeska wrote:
> I like the way you've laid this out from the perspective of incentives to
> adopt.
>
> "Now, as far case (2), if the proxy operators can already deploy their MITM
> certs on client devices, then they already own those devices. This sounds
> like enterprise computing devices or schools or prisons or what not. Now,
> if they already own the devices on this network, what incentive do they
> have to adopt explicit proxies? It sounds like they would just lose power.
> Is there a carrot here? SSL MITM proxies are already transparent to the
> client and origin server, so I don't see what leverage either entity has
> here."
>
> I wonder if MITM proxy operators have any legal concerns about viewing
> content owners' traffic without their consent or even an indication that
> the MITM is active.

Some of them do. I have consulted for several installations where the MITM was decided against on legal grounds for almost exactly those reasons. I have also consulted for several where it was decided *for* on legal grounds (yes it was for schools mostly, but also for some government-run proxy system) but with restrictions on what filtering software may be attached to the proxy.

> The proxy operators "own" their users' devices
> presumably but not content owners' data. I think an ideal explicit proxy
> would allow proxies to make their presence known to content owners.

Amos

Received on Wednesday, 4 December 2013 03:25:20 UTC