W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2014

Re: Trusted Proxy Alternatives Analysis

From: Frode Kileng <frodek@tele.no>
Date: Sun, 09 Feb 2014 21:39:06 +0100
Message-ID: <52F7E76A.4020208@tele.no>
To: Salvatore Loreto <salvatore.loreto@ericsson.com>
CC: "<ietf-http-wg@w3.org>" <ietf-http-wg@w3.org>
Hi Salvatore,

On 09.02.2014 14:46, Salvatore Loreto wrote:
> Hi Frode,
>
> On Feb 7, 2014, at 1:54 PM, Frode Kileng <frodek@tele.no> wrote:
>
>> Hi Emilie
>>
>> On 07.02.2014 12:23, emile.stephan@orange.com wrote:
>>> Hi Frode,
>>>
>>>   The term MITM in not appropriate for these cases: the service augmentation
>>>   is performed by the reverse proxy of the mobile operator. This reverse proxy
>>>   receives and processes the requests for the service provided by the mobile
>>>   operator.
>> Is the client configured to use this proxy? If not, I prefer to use MITM although the wording may not be the the most important isue…
> if the Music web site has partnered with a mobile operator,
> most likely that means that the Music web site has "provided" his own certificate to the mobile operate
> so the TLS session is terminated in the mobile operator reverse proxy and the user does not need any configuration.

This would of course also work.

>
> of course if the partnership does not "include" the certificate delegation then it is another story

Then end-to-end authentication is an option.

Best regards
Frode Kileng
Received on Sunday, 9 February 2014 20:39:30 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:24 UTC