W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2014

RE: Trusted proxy UI strawman

From: Richard Wheeldon (rwheeldo) <rwheeldo@cisco.com>
Date: Fri, 20 Jun 2014 00:46:53 +0000
To: Adrien de Croy <adrien@qbik.com>, Barry Leiba <barryleiba@computer.org>, Peter Lepeska <bizzbyster@gmail.com>
CC: HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <0566CA5E9B906D40B6737DD47DA9FB8F1B53C00D@xmb-rcd-x04.cisco.com>
 > I think any efforts to block out the possibility for intermediaries to inspect and modify traffic in HTTP would be wasted.

Nor is it desirable, IMHO. There's an implicit assumption in the idea that proxies shouldn't interfere that the that
endpoints (hosts or servers) are themselves trustworthy. Whilst this might be the majority case, it's certainly
not universally true by a long way.

Take for example the Microsoft stats on infected hosts:
	http://www.microsoft.com/eu/on-the-issues/article/windows-xp-losing-pace-in-the-eu.aspx

or those which are running with limited protection:
	http://www.microsoft.com/security/sir/story/default.aspx#!why_upgrade

or any amount of evidence into the volumes of Windows and Android malware. 

In many cases the network is going to be in a better state than the endpoint,

Richard

Received on Friday, 20 June 2014 00:47:33 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:31 UTC