- From: Diego R. Lopez <diego@tid.es>
- Date: Sun, 22 Jun 2014 20:48:53 +0000
- To: Eric Rescorla <ekr@rtfm.com>
- Cc: Martin Nilsson <nilsson@opera.com>, HTTP Working Group <ietf-http-wg@w3.org>
- Message-id: <6673087F-958B-43CB-932E-31EBA91C4DAB@tid.es>
On 22 Jun 2014, at 21:48 , Eric Rescorla <ekr@rtfm.com<mailto:ekr@rtfm.com>> wrote: However, I think the main *technical* issue here is what, if any, support browsers ought to have for allowing network operators to install credentials which allow them to act as a proxy for connections which would otherwise be end-to-end secured between the client and the server. This may use the same technical mechanisms once that's done (and in fact it currently mostly does), but from a policy perspective it's totally different. I disagree: I see the split UA policy-wise equivalent to the proxy once you install your browser: you put your trust on the browser developers *and* on the the proxy operator: when you install the browser you take a single leap of faith, from that moment on you (implicitly) putting your trust on the proxy operator: whether it is the same or a different organization that develop the browser is immaterial. Be goode, -- "Esta vez no fallaremos, Doctor Infierno" Dr Diego R. Lopez Telefonica I+D http://people.tid.es/diego.lopez/ e-mail: diego@tid.es Tel: +34 913 129 041 Mobile: +34 682 051 091 ----------------------------------------- ________________________________ Este mensaje se dirige exclusivamente a su destinatario. Puede consultar nuestra política de envío y recepción de correo electrónico en el enlace situado más abajo. This message is intended exclusively for its addressee. We only send and receive email on the basis of the terms set out at: http://www.tid.es/ES/PAGINAS/disclaimer.aspx
Received on Sunday, 22 June 2014 20:49:24 UTC