W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2014

Re: explicitly authenticated proxy: new draft

From: Mark Nottingham <mnot@mnot.net>
Date: Thu, 19 Jun 2014 15:42:59 +1000
Cc: Stephen Farrell <stephen.farrell@cs.tcd.ie>, "Diego R. Lopez" <diego@tid.es>, Martin Nilsson <nilsson@opera.com>, "<ietf-http-wg@w3.org>" <ietf-http-wg@w3.org>
Message-Id: <DFEFC621-71B3-4823-A9F0-3DE2780CD44A@mnot.net>
To: Salvatore Loreto <salvatore.loreto@ericsson.com>

On 18 Jun 2014, at 4:54 pm, Salvatore Loreto <salvatore.loreto@ericsson.com> wrote:

> 
> On Jun 18, 2014, at 3:49 AM, Mark Nottingham <mnot@mnot.net> wrote:
> 
>>> The main problem is really how dynamically configure and authenticate a proxy that is inline to the user
>>> (i.e. specific to the access network)
>>> 
>>> The draft proposes to use the Proxy Certificate as a way for the Proxy to authenticate itself and at same time trigger
>>> the consent request into the Browser and show to the end user.
>> 
>> It sounds a lot like you're talking about a "transparent" proxy -- i.e., one that's not explicitly configured by the user (or their administrator on their behalf). Is that the case, or do I misunderstand?
> 
> maybe its me or maybe a terminology problem here.
> 
> does the fact that the configuration parameters are not explicitly inserted by hand (by the user or their administrator on their behalf) make the proxy a transparent one? 
> IMO a lots depends on how the automatic configuration happens.
> The auth-draft is proposing a mechanism where the proxy manifests itself and asks the consent to the user (thru a popup window showing the right info to make
> a conscious decision) and then only if the user provides consent that proxy is "automatically" configured by the proxy.
> 
> So at the end the user is always made aware of the fact that there is a proxy (the one that has manifest itself) in between himself and the content.
> this mechanism, as proposed, actually is per network access and limited in time.

Right. That approach has been consistently rejected by most browser security people, because it's very similar to a cert error; the user will just click through it to get to the information they want.

> I think this proposal make even more explicit compared to a proxy configured by the administrator on behalf of the user or even of one configured by the user and then forgotten.

The difference, I think, is that when you insert a security decision in the middle of a user action, the user is much less likely to make an informed decision. While the proxy configuration is hidden away in most browsers, it's set up as a separate mechanism. 

Furthermore, experience with HTTP authentication shows that limited-content dialogues with no presentation control by the authenticating party often don't provide enough context to make an informed decision. I suspect that the same dynamic will evidence here; a cert extension has very limited ability to convey information...

These are just my impressions based upon past conversations. Let's discuss this in Toronto and get some wider input.

Cheers,

--
Mark Nottingham   https://www.mnot.net/
Received on Thursday, 19 June 2014 05:43:31 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:31 UTC