W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2014

Re: Proxies (includes call for adopting new work item, call for input)

From: Martin Nilsson <nilsson@opera.com>
Date: Mon, 23 Jun 2014 00:48:52 +0200
To: "Diego R. Lopez" <diego@tid.es>, "Eric Rescorla" <ekr@rtfm.com>
Cc: "HTTP Working Group" <ietf-http-wg@w3.org>
Message-ID: <op.xhvobqzniw9drz@beryllium.bredbandsbolaget.se>
On Mon, 23 Jun 2014 00:26:25 +0200, Eric Rescorla <ekr@rtfm.com> wrote:

>
>
>
> On Sun, Jun 22, 2014 at 1:48 PM, Diego R. Lopez <diego@tid.es> wrote:
>>
>> On 22 Jun 2014, at 21:48 , Eric Rescorla <ekr@rtfm.com> wrote:
>>
>>> However, I think the main *technical* issue here is what, if any,  
>>> support browsers
>>> ought to have for allowing network operators to install credentials  
>>> which allow
>>> them to act as a proxy for connections which would otherwise be  
>>> end-to-end
>>> secured between the client and the server. This may use the same  
>>> technical
>>> mechanisms once that's done (and in fact it currently mostly does),  
>>> but from
>>> a policy perspective it's totally different.
>>
>> I disagree: I see the split UA policy-wise equivalent to the proxy once  
>> you install your browser: you put your trust on the browser developers  
>> >>*and* on the the proxy operator: when you install the browser you  
>> take a single leap of faith, from that moment on you (implicitly)  
>> putting your >>trust on the proxy operator: whether it is the same or a  
>> different organization that develop the browser is immaterial.
>
> I'm not sure what to tell you. It doesn't seem like a very complicated  
> piece of
> security analysis that trusting two people is a bigger deal than  
> trusting one.
> And this is before we get to the fact that in many cases the MITM proxies
> are in place specifically to ensure that the user uses the browser in  
> accordance
> with the network's policies rather than his own, a situation that does  
> not apply
> in a typical split browser scenario.
>

Well, it's clear that the answer to the question if this needs to be  
discussed in a proxy document is yes.

/Martin Nilsson

-- 
Using Opera's mail client: http://www.opera.com/mail/
Received on Sunday, 22 June 2014 22:49:22 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:31 UTC