Re: What will incentivize deployment of explicit proxies? from 陈智昌 on 2013-12-10 (ietf-http-wg@w3.org from October to December 2013)

From: 陈智昌 <willchan@chromium.org>
Date: Mon, 9 Dec 2013 23:52:41 -0800
To: Albert Lunde <atlunde@panix.com>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <CAA4WUYh5=LSmTC++9B0LTK1j=L=Sqe62SwDL=6pJC8C4tj4FRQ@mail.gmail.com>

I don't fully understand your email. From what I can tell, the main point
is that there are some subtle differences amongst trusted CAs for proxies
vs origin servers, and software should distinguish these. It may be true
that software can distinguish the differences here, but it may be very
difficult for end users to grok the differences.

On Mon, Dec 9, 2013 at 10:14 PM, Albert Lunde <atlunde@panix.com> wrote:

>  I would tend to argue that, in the web browser case, the list of
> configured trusted proxies and/or configured trusted CAs for proxies should
> go in a separate "bucket" from trusts for CAs used web servers, and should
> distinguish GET vs CONNECT tunnels.
>
> It's not so much that typical end users care about trusting a FOO-server
> vs a BAR-server (though maybe they should), but it should be possible to
> manage the proxies in use by some means, and that software  may care about
> these distinctions.
>
>
>
>

Received on Tuesday, 10 December 2013 07:53:08 UTC