W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2014

Re: Proxies (includes call for adopting new work item, call for input)

From: Eric Rescorla <ekr@rtfm.com>
Date: Sun, 22 Jun 2014 12:48:26 -0700
Message-ID: <CABcZeBPx4W8NrKrPMoSWvUvy2PwPZvW6WJXo3QbdKPyrDqfNyA@mail.gmail.com>
To: Martin Nilsson <nilsson@opera.com>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
On Sun, Jun 22, 2014 at 12:35 PM, Martin Nilsson <nilsson@opera.com> wrote:

>  On Sun, 22 Jun 2014 18:39:58 +0200, Eric Rescorla <ekr@rtfm.com> wrote:
>
>
>
>  What I am concerned here is about the differentiation between the term
>> "proxy" (i.e., an imposed MITM) and "split UA" (i.e., a design decision of
>> the browser producer) May be we should try to coin a more neutral term,
>> like "intermediary" or "forwarder" or... Perceptions have a very important
>> role to play here.
>>
>
> Hmm... But the point is that these aren't the same thing from the user's
> perspective. In one case, you have to trust one set of people (the vendor)
> and in the other case you need to trust two (the vendor and the proxy
> operator). The use of two terms thus preserves that distinction and
> discussion of MITM devices needs to acknowledge that distinction
> or it's not going to get very far.
>
>
> I think we are talking about two different things, which is confusing
> things. There is the organizational aspect that you discuss. Then there is
> the technical aspect of if the server component is needed for the client to
> work (as opposed to merely hard coded to make the appearance of it being
> needed). These can combine in four different permutations, and all four are
> represented in practice.
>
> In addition you can of course bundle these together in a single client in
> any combination
>

Sure, that's true.

However, I think the main *technical* issue here is what, if any, support
browsers
ought to have for allowing network operators to install credentials which
allow
them to act as a proxy for connections which would otherwise be end-to-end
secured between the client and the server. This may use the same technical
mechanisms once that's done (and in fact it currently mostly does), but from
a policy perspective it's totally different.

-Ekr
Received on Sunday, 22 June 2014 19:49:34 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:31 UTC