Re: What will incentivize deployment of explicit proxies?

On 12/10/2013 01:45 AM, William Chan (陈智昌) wrote:
> Just so we're clear, the common methods already in use impact all
> consumers of TLS, not just browsers. They're getting added to the
> system certificate store, so they affect all applications. But the
> primary reason that it gets installed in the system certificate store
> is because these proxies want to MITM browser connections.

Right. And if vendors, operators or users do that that's their
responsibility. But if we do/endorse that, then we (the IETF)
have to bear some responsibility for other uses of TLS or we're
not doing our job. At least to the level of knowing what might
be broken, but even that's a huge job. So I really think the
HTTP proxy issue is best addressed via HTTP mechanisms to be
honest.

S.

Received on Tuesday, 10 December 2013 02:02:46 UTC