Re: What will incentivize deployment of explicit proxies?

On 7/12/13 4:25 PM, Albert Lunde wrote:
> Is there any useful role for having a physical file format and file 
> extension that says "here is a proxy's address and TLS certificate", 
> such that if one imported it into a browser it would be trusted?

That depends on how we authenticate the proxy. My idea is to use the 
regular HTTPS authentication for the proxy. So we only need an origin, 
as in "https://sslproxy.example.com", and the authentication can be done 
by checking that either the CN or alternate name is 
"sslproxy.example.com".  There is a cost associated with this of getting 
a certificate from a public CA. Alternatively we can do the DANE thing. 
If we want the authentication to be outside of the trusted CA or trusted 
DNS, we can create a file format that includes a public key. I think a 
simple origin is good enough.

>
> I can see how this could be a security risk via spoofing, but it might 
> cut out some of the protocol/user interface dance in getting a trusted 
> proxy established, by providing an out-of-band way to communicate the 
> trust requirements in a given setting.

We can post a sign on the wall saying "everyone please set your browser 
to trust the TLS proxy https://sslproxy.example.com "

>
> Signing the file as a whole seems like a good idea, but I'd rather 
> have plain text and one or more base-64 blobs than a pure binary 
> format that would be easier to use to hide an executable.
>
> I am assuming typical users would double click on the file to process 
> it, even though that is frequently a bad idea.

That's an attack vector, because the proxy is where the browser goes to 
find all resources on the web. So if double-clicking gets me to trust 
sslproxy.stasi.de (we can't use NSA as an example always, right?) we're 
not in a good place.

Yoav

Received on Saturday, 7 December 2013 15:18:20 UTC
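The check Yoav describes above (trust a proxy identified only by an https:// origin and verify that the certificate it presents names that host) is small enough to write out. What follows is an added example, not code from the thread or from any browser; the origin, the host names and the certificates are constructed for illustration, and the certificates are given in the dict shape Python's `ssl.SSLSocket.getpeercert()` returns rather than as real X.509 data. It follows RFC 6125 rather than the "CN or alternate name" wording of the mail: DNS subjectAltName entries are authoritative, and the CN is consulted only when the certificate carries no DNS SAN at all, which is also what shipping browsers do. The "sslproxy.stasi.de" case from the end of the mail is included as a sample: a certificate whose CN reads sslproxy.example.com but whose SAN names the other host must be rejected.

```python
"""Match a TLS proxy's certificate against the https:// origin the user was
told to trust. Added example for the thread, not code from it; all names and
certificates below are constructed."""
from urllib.parse import urlsplit


def proxy_host_from_origin(origin):
    """Return the lower-cased host named by a bare https origin such as
    "https://sslproxy.example.com[:port]"; reject anything else."""
    parts = urlsplit(origin)
    if parts.scheme != "https":
        raise ValueError("proxy origin must use https")
    if parts.path not in ("", "/") or parts.query or parts.fragment or parts.username:
        raise ValueError("proxy origin must be scheme://host[:port] only")
    if not parts.hostname:
        raise ValueError("proxy origin has no host")
    return parts.hostname  # urlsplit already lower-cases it


def _dns_name_matches(pattern, hostname):
    """RFC 6125 style comparison: case-insensitive, and a wildcard is allowed
    only as the entire leftmost label of a name with at least two more labels,
    so '*.example.com' matches 'a.example.com' but not 'a.b.example.com'."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3 or "*" in pattern[1:]:
        return False
    return (len(p_labels) == len(h_labels)
            and p_labels[1:] == h_labels[1:]
            and h_labels[0] != "")


def proxy_cert_matches(origin, peercert):
    """True if peercert names the host in origin. DNS SANs are authoritative;
    the subject CN is a fallback only when there is no DNS SAN at all."""
    host = proxy_host_from_origin(origin)
    dns_names = [v for (k, v) in peercert.get("subjectAltName", ()) if k == "DNS"]
    if dns_names:
        return any(_dns_name_matches(n, host) for n in dns_names)
    for rdn in peercert.get("subject", ()):
        for (attr, value) in rdn:
            if attr == "commonName":
                return _dns_name_matches(value, host)
    return False


# Constructed sample certificates in getpeercert() shape (not real X.509).
GOOD_PROXY_CERT = {
    "subject": ((("commonName", "sslproxy.example.com"),),),
    "subjectAltName": (("DNS", "sslproxy.example.com"),),
}
# Legacy certificate with no SAN extension: CN fallback applies.
CN_ONLY_CERT = {
    "subject": ((("organizationName", "Example"),),
                (("commonName", "sslproxy.example.com"),)),
}
# CN looks right, SAN names the other proxy: SAN wins, so this is rejected.
SAN_MISMATCH_CERT = {
    "subject": ((("commonName", "sslproxy.example.com"),),),
    "subjectAltName": (("DNS", "sslproxy.stasi.de"),),
}
WILDCARD_CERT = {"subject": (), "subjectAltName": (("DNS", "*.example.com"),)}


if __name__ == "__main__":
    trusted = "https://sslproxy.example.com"
    for label, cert in (("good", GOOD_PROXY_CERT), ("cn-only", CN_ONLY_CERT),
                        ("san-mismatch", SAN_MISMATCH_CERT), ("wildcard", WILDCARD_CERT)):
        print(f"{label:13s} -> {proxy_cert_matches(trusted, cert)}")
```

The origin parser deliberately refuses paths, userinfo and non-https schemes, so a configuration value like "https://sslproxy.example.com@sslproxy.stasi.de" cannot be smuggled in as a proxy origin. Note what this check does and does not buy: it binds the connection to whatever origin the user configured, so the double-click attack from the mail is not a certificate-matching failure but a failure to get the user to configure the right origin in the first place.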