- From: Nicolas Mailhot <nicolas.mailhot@laposte.net>
- Date: Mon, 23 Jun 2014 12:22:59 +0200
- To: "Eric Rescorla" <ekr@rtfm.com>
- Cc: "Diego R. Lopez" <diego@tid.es>, "Martin Thomson" <martin.thomson@gmail.com>, "Julian Reschke" <julian.reschke@gmx.de>, "Martin Nilsson" <nilsson@opera.com>, "HTTP Working Group" <ietf-http-wg@w3.org>
Le Dim 22 juin 2014 18:39, Eric Rescorla a écrit : > Hmm... But the point is that these aren't the same thing from the user's > perspective. In one case, you have to trust one set of people (the vendor) > and in the other case you need to trust two (the vendor and the proxy > operator). Nope. In the first case you need to trust the vendor as cloud operator in addition to software writer. That's not the same level of trust. The only entity for which split ui is not a proxy is the vendor and that only because it implicitly trusts itself (and the same vendor will vehemently fight user-deployed proxies because "the user may have been tricked" and "the user can not be trusted". But really proxies are a way to exert power and you only feel this power when you're not the one exerting it. In the same ways cdns are not proxies from the site operator POW because he's the one that chose them) Any balanced proxy document will void those distinctions and not discriminate intermediaries in the protocol based on who deployed them. Because if you add those distinctions you're not designing a protocol you're doing your little private Yalta. Human actors (site, network operator and user) must be given information to make trust decisions based on their real-world situation, making those decisions in the protocol is hardcoding a particular balance of power. -- Nicolas Mailhot
Received on Monday, 23 June 2014 10:23:44 UTC