- From: Peter Lepeska <bizzbyster@gmail.com>
- Date: Tue, 10 Dec 2013 11:25:06 -0500
- To: William Chan (陈智昌) <willchan@chromium.org>
- Cc: Albert Lunde <atlunde@panix.com>, HTTP Working Group <ietf-http-wg@w3.org>
- Message-ID: <CANmPAYHDZ0=NiOD4qc8rbTo7_NXVzZQFfOLZUQqkF4-SkDhS1Q@mail.gmail.com>

"Since we cannot break in these situations, user installed root CAs are given the authority to override pins."

Wouldn't browser manufacturers prefer to come up with a way to allow proxies to operate that does not defeat the purpose of deploying pinned certs? Wouldn't proxy vendors (often security companies) prefer not to slow the pace of security improvements in web browsers?

Accepting MITMs, and taking the teeth out of security functionality in order to allow them to continue to work, creates a stalemate situation where security and usability cannot advance. Isn't it the purpose of protocol designers to break this type of stalemate?

Peter

On Tue, Dec 10, 2013 at 2:52 AM, William Chan (陈智昌) <willchan@chromium.org> wrote:

> I don't fully understand your email. From what I can tell, the main point is that there are some subtle differences amongst trusted CAs for proxies vs origin servers, and software should distinguish these. It may be true that software can distinguish the differences here, but it may be very difficult for end users to grok the differences.
>
> On Mon, Dec 9, 2013 at 10:14 PM, Albert Lunde <atlunde@panix.com> wrote:
>
>> I would tend to argue that, in the web browser case, the list of configured trusted proxies and/or configured trusted CAs for proxies should go in a separate "bucket" from trusts for CAs used web servers, and should distinguish GET vs CONNECT tunnels.
>>
>> It's not so much that typical end users care about trusting a FOO-server vs a BAR-server (though maybe they should), but it should be possible to manage the proxies in use by some means, and that software may care about these distinctions.

Received on Tuesday, 10 December 2013 16:25:33 UTC