W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2014

Re: Proxies (includes call for adopting new work item, call for input)

From: Martin Thomson <martin.thomson@gmail.com>
Date: Mon, 23 Jun 2014 16:17:23 -0700
Message-ID: <CABkgnnUXOn86zJAGD9JGk58VfDfTAjPBMCq5JAu9oiaehtmcdQ@mail.gmail.com>
To: Peter Lepeska <bizzbyster@gmail.com>
Cc: "Diego R. Lopez" <diego@tid.es>, Eric Rescorla <ekr@rtfm.com>, Martin Nilsson <nilsson@opera.com>, HTTP Working Group <ietf-http-wg@w3.org>
On 23 June 2014 14:17,  <bizzbyster@gmail.com> wrote:
>
> But if a split UA proxy were to decrypt my TLS traffic on the server side,
> I'd want to know about it and be able to say no.

This is simply a technical limitation of this particular deployment
choice.  You can't see the actual connection that your UA makes
because it makes it somewhere remote.  It also means that the security
UI it shows needs to account for that remoteness somehow.  I'd also
want to ensure that these mechanisms are resilient against server
compromise, but that's tricky and probably not going to happen.
Received on Monday, 23 June 2014 23:17:50 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:31 UTC