- From: Roland Zink <roland@zinks.de>
- Date: Wed, 18 Jun 2014 23:00:01 +0200
- To: ietf-http-wg@w3.org

I think the user will not have an idea of what they give up by accepting a proxy. However, I also see a problem in companies, criminals and intelligence agencies taking over my devices and home, finding out who comes to visit and who shares a bed, and sending whatever they want over TLS. Enforcing a decrypting proxy in between would allow getting some privacy back. However, in both directions, if there is something which needs to be really secured, there will be a second level of encryption.

Roland

On 18.06.2014 21:30, Martin Thomson wrote:
> On 18 June 2014 10:59, Barry Leiba <barryleiba@computer.org> wrote:
>> The biggest problem with all of this is that you're making an
>> unreasonable assumption at the start: that users can reasonably "opt
>> out" of a <strike>privacy-invading</strike> "trusted" proxy. (And,
>> yes, we have to call it something else: the *user* certainly does not
>> trust the proxy.)
>>
>> 1. If such a thing were to be deployed, it would immediately be
>> deployed in a way where the option to accept the proxy's intervention
>> becomes a Hobson's choice: either you accept the proxy or you don't
>> get to the web site you're trying to get to. What do you think a user
>> (see below) will do in that situation?
>>
>> 2. It's simply unreasonable to imagine that users -- real users out
>> there, not "users" that really means operators, or content providers,
>> or browser makers, or whatever -- will have the first idea what
>> they're really giving up by accepting the proxy, nor that they will
>> have any understanding of what your UI markers (a "trusted proxy logo"
>> or any such thing) mean. They will not have a clue, and they will not
>> be making an informed decision to put themselves in a position where,
>> for example, this proxy that they don't really trust now has their
>> username and password for their bank.
>>
>> To believe otherwise is to ignore all research that's been done on this stuff.
>
> Yes, and I'd point out that the sort of things that Will refers to
> undermine the integrity of the user-site contract from the perspective
> of the site operator too.
>

Received on Wednesday, 18 June 2014 21:00:25 UTC