W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2014

Re: Trusted proxy UI strawman

From: Martin Thomson <martin.thomson@gmail.com>
Date: Sun, 15 Jun 2014 11:25:19 -0700
Message-ID: <CABkgnnWe6tsN_u40q4xUAZF2pfzhRSo++JyxNG2SvC2C8kDsYA@mail.gmail.com>
To: Peter Lepeska <bizzbyster@gmail.com>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
On 14 June 2014 17:02, <bizzbyster@gmail.com> wrote:
> I agree. Here's a straw man to get the discussion going:
> http://caffeinatetheweb.com/presentations/trusted_proxy.html.

I have a lot of questions, but I'll start with this one: is the decision to
accept the proxy a blocking one? That is, is the user able to use the Web
prior to making this decision? That makes a very big difference.

I also have a few things that you might like to think about:

https://bankofamerica.com/ might be a bad choice of example, though I'm
guessing that you chose a banking site intentionally. Personally, I find
the idea that there is a MitM on a connection to my bank to be almost as
disturbing as having my visit to a doctor monitored.

This sort of work might not be in scope here. I understand that we need to
have this discussion somewhere, but the IETF (and even the W3C) have so far
avoided dealing with these sorts of issues. That's probably not the right
answer, but I keep hearing that this is outside their area of expertise.
Received on Sunday, 15 June 2014 18:25:47 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:31 UTC