Re: Proxies (includes call for adopting new work item, call for input)

On 6/22/2014 3:48 PM, Diego R. Lopez wrote:
> On 22 Jun 2014, at 21:48, Eric Rescorla <ekr@rtfm.com> wrote:
>> However, I think the main *technical* issue here is what, if any, support
>> browsers ought to have for allowing network operators to install credentials
>> which allow them to act as a proxy for connections which would otherwise be
>> end-to-end secured between the client and the server. This may use the same
>> technical mechanisms once that's done (and in fact it currently mostly does),
>> but from a policy perspective it's totally different.
>
> I disagree: I see the split UA policy-wise equivalent to the proxy once
> you install your browser: you put your trust on the browser developers
> *and* on the proxy operator: when you install the browser you take a
> single leap of faith, from that moment on you are (implicitly) putting your
> trust on the proxy operator: whether it is the same or a different
> organization that develops the browser is immaterial.

It seems like there's an important distinction between (1) all 
intermediaries that look like a "proxy" when viewed as a black box, and 
(2) intermediaries that follow some protocols on the wire standardized 
in IETF specs.

(1) can follow any protocol internally by private agreement (or just be 
a unilateral intercept by corruption of protocols, like CA and/or DNS 
spoofing.) But it still may speak standard HTTP on the outer interfaces.

One motive for trying to standardize more about proxies is to surface 
and specify legitimate use cases. ("Legitimate" as defined by the people 
owning the systems and networks involved.)

-- 
     Albert Lunde  albert-lunde@northwestern.edu
                   atlunde@panix.com  (address for personal mail)

Received on Monday, 23 June 2014 01:34:51 UTC