Re: What will incentivize deployment of explicit proxies?

+1

------ Original Message ------
From: "Yoav Nir" <synp71@live.com>
To: "William Chan (陈智昌)" <willchan@chromium.org>; "Martin Thomson" 
<martin.thomson@gmail.com>
Cc: "Werner Baumann" <werner.baumann@onlinehome.de>; "HTTP Working 
Group" <ietf-http-wg@w3.org>
Sent: 7/12/2013 11:42:56 a.m.
Subject: Re: What will incentivize deployment of explicit proxies?
>"Don't let anybody kid you. It's all personal, every bit of business."
>
>In this case, I disagree with Martin. This is not a problem that we can 
>avoid externalizing. Deciding whether a particular proxy is acceptable 
>to the user of a browser requires information that we don't have. We 
>don't have it at the IETF, and we don't have it where browsers are 
>developed.
>
>A browser can learn of the existence of a TLS proxy. This information 
>may come from an HTTP code, a TLS alert, DHCP, DNS, or whatever other 
>discovery mechanism we can think of. Whether this proxy is acceptable 
>depends on so many factors:
>
>  * Who deployed this proxy? (can probably be deduced from name in its
>    certificate, but only sort-of) Maybe your workplace is acceptable,
>    but the ISP or some other workplace is not.
>  * What is it doing with the cleartext traffic? Caching? Filtering?
>    Recording? Looking for terrorism/criminal activity? Assuring a
>    non-hostile workplace? There are no technical ways to know these
>    things. You'll have to learn them by social means - ask the IT
>    person, ask your boss, require by law all installed proxies to
>    disclose what they are doing. None of this can be done by Will or
>    his security team.
>  * Does the product used for the proxy have a recording function that
>    can be used in case of a legal mandate? If so, what procedural
>    mechanism protects the users from someone at IT using it to spy on
>    them?
>  * Does the product used for the proxy have a backdoor for
>    interception? Will and his security team don't know. The boss and
>    the IT person may not know that either.
>
>It's a complex decision affected by many objective factors and some 
>subjective attributes of the user. This is not a decision we can make 
>on behalf of the user. This is very different from reporting on a bad 
>certificate.
>
>Hopefully, this will be a rare decision that users don't have to face 
>every day.
>
>Yoav
>
>
>On 7/12/13 12:12 AM, William Chan (陈智昌) wrote:
>>Hey hey, there's no reason to make this personal :) I never said I
>>have no responsibility here. I just tried to make a funny quip that
>>the...more passionate factions of the larger Chromium project will be
>>very...passionate in their response to certain ideas. Is there a
>>reason you wish to make this about me all of a sudden?
>>
>>Let me be clear, I in general think it's terrible to burden the user
>>with decisions which they are largely unable to reason about. And I
>>think it's wrong to expect them to have the knowledge to reason about
>>it. And I disagree with the argument that browser vendors must provide
>>all possible configuration options so users can do whatever they want.
>>
>>On Fri, Dec 6, 2013 at 1:27 PM, Martin Thomson 
>><martin.thomson@gmail.com> wrote:
>>>On 6 December 2013 12:26, Werner Baumann 
>>><werner.baumann@onlinehome.de> wrote:
>>>>[...] the dogma that users are stupid.
>>>Not stupid, never stupid. It's respect.
>>>
>>>UI surface area imposes costs upon users. We cannot - should not -
>>>externalize our problems by shunting them on users.
>>>
>>>This isn't purely a security problem either; there are security
>>>aspects to this, but they aren't the only concerns. I expect better
>>>of Will than to try to shift focus onto some faceless "security team",
>>>he owns some responsibility here too.
>>>
>
>

Received on Saturday, 7 December 2013 02:13:56 UTC