Re: What will incentivize deployment of explicit proxies? from Nicolas Mailhot on 2013-12-04 (ietf-http-wg@w3.org from October to December 2013)

From: Nicolas Mailhot <nicolas.mailhot@laposte.net>
Date: Wed, 4 Dec 2013 09:46:43 +0100
To: "Yoav Nir" <synp71@live.com>
Cc: "William Chan (陈智昌)" <willchan@chromium.org>, "Nicolas Mailhot" <nicolas.mailhot@laposte.net>, "Roberto Peon" <grmocg@gmail.com>, "HTTP Working Group" <ietf-http-wg@w3.org>
Message-ID: <8f9709d0431f434d938a2d396d1f6365.squirrel@arekh.dyndns.org>

Le Mar 3 décembre 2013 22:20, Yoav Nir a écrit :
> On 3/12/13 8:53 PM, William Chan (陈智昌) wrote:
>> 5. Prompt the user:
>>
>>
>>         Accept using gateway-name to access http://awebsite.com/ and
>>         other web
>>         sites in ingoing-http2-mode ?
>>
>>         [check reformatted access rules] [see help page] [see
>> certificate]
>>
>>            [ ] Prompt for other web sites and security modes
>>            ( ) only for this session ( ) all the time
>>            (*) only from here        ( ) everywhere
>>                                                   [Yes] [No]
>>
>>
>>     My mother would call me if she got that. My daughter would quickly
>>     learn that clicking "Yes" after unchecking the "Prompt" box and
>>     selecting "everywhere" makes the prompt go away and not come back.
>>     IOW it would make the Internet work.
>>
>>
>> <pushback>
>> I can probably expect to be tarred and feathered by my security team
>> if I tell them we need to put up a UI asking the end user to make a
>> decision about security :)
>> </pushback>
>>
> Especially if you ask the end user at the worst possible time - when
> you're in their way to finish something they've already begun. So I've
> decided to read my gmail, and I typed "mail.google.com", and I'm
> expecting my message list to appear in a second. And now you tell me to
> stop everything and answer some question about some proxy?

I can tell you this is way better for the user. The current systems fall
in three categories : silent interception, auth that requires restarting
the browser, auth that interrupts in a hackish way. They're all worse than
that one way of the other.

Besides, the user need not get the prompt every time. For a gateway that
does not require auth, just autoconnect the next time you encounter it
(with notification so user can stop if he does not like it). If the
gateway does require auth it's slightly more complex but browsers already
have password stores for that case. The whole point of fixing the plumbing
in the protocol is to enable automated handling when it's safe and makes
sense. The current one-of-a-kind systems do not permit this.

Regards,

-- 
Nicolas Mailhot

Received on Wednesday, 4 December 2013 08:47:14 UTC