W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2014

Re: Trusted Proxy Alternatives Analysis

From: Salvatore Loreto <salvatore.loreto@ericsson.com>
Date: Sun, 9 Feb 2014 13:46:33 +0000
To: Frode Kileng <frodek@tele.no>
CC: "<ietf-http-wg@w3.org>" <ietf-http-wg@w3.org>
Message-ID: <E90F0145-89A1-42C1-938C-79E1B1BB2B6A@ericsson.com>
Hi Frode,

On Feb 7, 2014, at 1:54 PM, Frode Kileng <frodek@tele.no> wrote:

> Hi Emilie
> 
> On 07.02.2014 12:23, emile.stephan@orange.com wrote:
> > Hi Frode,
> >
> >  The term MITM in not appropriate for these cases: the service augmentation
> >  is performed by the reverse proxy of the mobile operator. This reverse proxy
> >  receives and processes the requests for the service provided by the mobile
> >  operator.
> 
> Is the client configured to use this proxy? If not, I prefer to use MITM although the wording may not be the the most important isue…

if the Music web site has partnered with a mobile operator,
most likely that means that the Music web site has "provided" his own certificate to the mobile operate
so the TLS session is terminated in the mobile operator reverse proxy and the user does not need any configuration.

of course if the partnership does not "include" the certificate delegation then it is another story 

br
Salvatore

> 
> Regarding the "identity binding", an alternative is of course to do this end-2-end. If this for some reason isn't an alternative, I would propose that the use case description clearly states why, both in regard to end-user experience ("User benefit") and/or service/network provider issues ("Admin Benefit").
> 
> Regards
> Frode Kileng
> 
> 
Received on Sunday, 9 February 2014 13:47:00 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:24 UTC