- From: Nicolas Mailhot <nicolas.mailhot@laposte.net>
- Date: Wed, 4 Dec 2013 10:16:42 +0100
- To: "Albert Lunde" <atlunde@panix.com>
- Cc: "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
On Wed, 4 December 2013 02:18, Albert Lunde wrote:
> Saying, "I'll trust proxies with certificates signed by a list of CAs"
> "reduces" it to the certificate trust problem, which is nearly where we
> stated, though trusting proxies signed by a short list of CAs might be
> more manageable.

In the end the user needs to be notified when a particular proxy he accepted is in use or not (with a kill connection option if he wants to stop). Because only this user will know if his current browsing is sensitive or not, or if the proxy is expected or not.

When I'm at home, VPN-connected to work, I accept the terms of my workplace proxy. When I'm at home doing personal stuff I don't want my employer to intrude, so I want to be shown that I forgot to close the VPN and I'm still being proxified. (Or, to take another example, if I accepted a hotel proxy and it pops up in another physical place, something fishy is going on, and I don't need to be an IT expert to realise it.)

I may visit another work premise that uses a different address plan, and seeing the usual work proxy popup will be ok. Seeing the same popup in another company indicates someone is trying to steal trade secrets.

School proxy at school is ok. School proxy at home means an enterprising student stole the headmaster's post-it admin password, got the gateway certificates and wants to spy on his schoolmates.

You can't get the user out of the decision loop. You can avoid bothering him needlessly with new prompts once the initial yes/no choice has been done, but even afterwards "gateway xxx is in use" needs to be displayed somewhere in the web client chrome.

Regards,

--
Nicolas Mailhot
Received on Wednesday, 4 December 2013 09:17:13 UTC