W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2014

Re: explicitly authenticated proxy: new draft

From: Mark Nottingham <mnot@mnot.net>
Date: Thu, 19 Jun 2014 15:42:59 +1000
Cc: Stephen Farrell <stephen.farrell@cs.tcd.ie>, "Diego R. Lopez" <diego@tid.es>, Martin Nilsson <nilsson@opera.com>, "<ietf-http-wg@w3.org>" <ietf-http-wg@w3.org>
Message-Id: <DFEFC621-71B3-4823-A9F0-3DE2780CD44A@mnot.net>
To: Salvatore Loreto <salvatore.loreto@ericsson.com>

On 18 Jun 2014, at 4:54 pm, Salvatore Loreto <salvatore.loreto@ericsson.com> wrote:

> On Jun 18, 2014, at 3:49 AM, Mark Nottingham <mnot@mnot.net> wrote:
>>> The main problem is really how dynamically configure and authenticate a proxy that is inline to the user
>>> (i.e. specific to the access network)
>>> The draft proposes to use the Proxy Certificate as a way for the Proxy to authenticate itself and at same time trigger
>>> the consent request into the Browser and show to the end user.
>> It sounds a lot like you're talking about a "transparent" proxy -- i.e., one that's not explicitly configured by the user (or their administrator on their behalf). Is that the case, or do I misunderstand?
> maybe its me or maybe a terminology problem here.
> does the fact that the configuration parameters are not explicitly inserted by hand (by the user or their administrator on their behalf) make the proxy a transparent one? 
> IMO a lots depends on how the automatic configuration happens.
> The auth-draft is proposing a mechanism where the proxy manifests itself and asks the consent to the user (thru a popup window showing the right info to make
> a conscious decision) and then only if the user provides consent that proxy is "automatically" configured by the proxy.
> So at the end the user is always made aware of the fact that there is a proxy (the one that has manifest itself) in between himself and the content.
> this mechanism, as proposed, actually is per network access and limited in time.

Right. That approach has been consistently rejected by most browser security people, because it's very similar to a cert error; the user will just click through it to get to the information they want.

> I think this proposal make even more explicit compared to a proxy configured by the administrator on behalf of the user or even of one configured by the user and then forgotten.

The difference, I think, is that when you insert a security decision in the middle of a user action, the user is much less likely to make an informed decision. While the proxy configuration is hidden away in most browsers, it's set up as a separate mechanism. 

Furthermore, experience with HTTP authentication shows that limited-content dialogues with no presentation control by the authenticating party often don't provide enough context to make an informed decision. I suspect that the same dynamic will evidence here; a cert extension has very limited ability to convey information...

These are just my impressions based upon past conversations. Let's discuss this in Toronto and get some wider input.


Mark Nottingham   https://www.mnot.net/
Received on Thursday, 19 June 2014 05:43:31 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:31 UTC