RE: Trusted Proxy Alternatives Analysis from emile.stephan@orange.com on 2014-02-07 (ietf-http-wg@w3.org from January to March 2014)

From: <emile.stephan@orange.com>
Date: Fri, 7 Feb 2014 11:23:01 +0000
To: Frode Kileng <frodek@tele.no>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-ID: <11434_1391772183_52F4C216_11434_14090_1_5AE9CCAA1B4A2248AB61B4C7F0AD5FB909D1127>

Hi Frode,

The term MITM in not appropriate for these cases: the service augmentation is performed by the reverse proxy of the mobile operator. This reverse proxy receives and processes the requests for the service provided by the mobile operator.  

Regards
Emile

-----Message d'origine-----
De : Frode Kileng [mailto:frodek@tele.no] 
Envoyé : jeudi 6 février 2014 23:05
À : ietf-http-wg@w3.org
Objet : Re: Trusted Proxy Alternatives Analysis

Great initiative Peter.

Regarding "Mike's Music Service". My understanding of this is use-case is that it includes two parts:

1. Zero-rating of the mobile data traffic:
As long as the encrypted  traffic is not passing through a 3rd party proxy, the mobile operator can achieve this using traffic-meta data.

2. Identity binding
Similar to the functionality in "Liam's Mobile Identity Proxy". I.e. 
where the MITM proxy inserts an identity binding in the header for authentication towards a 3rd party service.

Regards
frodek

On 06.02.2014 18:19, Peter Lepeska wrote:
> In Zurich there was a request to look into the viability of 
> alternative technologies for the trusted proxy use cases. To help 
> organize thoughts around this, I've created a table listing each use 
> case from https://github.com/http2/http2-spec/wiki/Proxy-User-Stories
> and an attempt to describe how each of these cases can be addressed 
> using today's technology as well as alternatives:
> https://github.com/bizzbyster/TrustedProxy/wiki/Trusted-Proxy-Use-Case
> -Analysis-and-Alternatives
>
> This is just a straw man attempt to provide some organization so feel 
> free to question, comment and suggest improvements.
>
> In summary, I think all use cases where the user owns the device are 
> inadequately solved by today's technology. As for alternatives, CDNs 
> partially address a subset of the use cases potentially, and then only 
> on a site by site basis.
>
> Thanks,
>
> Peter

_________________________________________________________________________________________________________________________

Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.

Received on Friday, 7 February 2014 11:23:32 UTC