Re: What will incentivize deployment of explicit proxies?

------ Original Message ------
From: "Mark Nottingham" <mnot@mnot.net>
>
>What I don't want to do is spend months-to-years developing a new kind 
>of explicit proxy in HTTP in the *hope* that it'll somehow magically 
>supplant these devices, without some sort of evidence that it has a 
>chance of doing so.
>
I'm getting the feeling we're doing just this when it comes to HTTP/2.

About 80% of the posts on the list here seem to be based on the foregone 
conclusion that HTTP/2 will be over TLS only, and that therefore ALPN 
will be available.

But last time I looked we were a long way from consensus on HTTP/2 being 
over TLS only.  Or did I miss something?

So what's the plan?

Seems dangerous to do all this work based on something that is still 
highly contentious without first reaching some conclusions about 
mandatory TLS.


And also for the record.

Most of my customers would have a big problem with the proposal that 
connections to the ("trusted") proxy should be over TLS.

For many of them the proxy is already working the hardware quite hard 
(either old hardware or high-end).  To reduce capacity by 75% or more 
just by making everything TLS would mean they would all need to go get 
new or extra hardware for their proxy.  I foresee a lot of resistance to 
this.

I don't see why the client needs to auth the proxy inside a private 
network.


Received on Thursday, 12 December 2013 08:22:55 UTC