Re: new version trusted-proxy20 draft

On Feb 17, 2014, at 4:00 PM, Patrick McManus <pmcmanus@mozilla.com> wrote:

On Mon, Feb 17, 2014 at 1:55 AM, Salvatore Loreto <salvatore.loreto@ericsson.com> wrote:

On Feb 15, 2014, at 12:42 AM, Patrick McManus <pmcmanus@mozilla.com> wrote:

On Fri, Feb 14, 2014 at 1:56 PM, Salvatore Loreto <salvatore.loreto@ericsson.com> wrote:

  To distinguish between an HTTP2 connection meant to transport "https"
  URIs resources and an HTTP2 connection meant to transport "http" URIs
  resource, the draft proposes to


HTTP/2 doesn't require a connection to transport a consistent scheme as long as the underlying properties of the connection are sufficient for carrying all of the schemes on it. (i.e. you can't carry https:// without a minimum security set, but you can

This has the effect of signaling to an on path observer which transactions, in a large stream of them, will not be able to detect a MITM interaction. I'm not in favour.

a trusted proxy signals its presence during the first UA attempt to establish an "h2clr" tunnel:
it honestly declares its presence
So it does not do or attempt to do any MITM behaviour.

you're focused on the device you envision deploying. what about a traditional MITM attacker (i.e. something not adhering to your draft)?

The draft proposal to define "h2clr" for http traffic does not make the environment more prone to stealthy MITMs than just having "h2"

However I agree that we should work on reducing or completely eliminating the possibility of MITM


secondly, any interception proxy - especially those terminating flows not addressed to them - is a MITM - almost tautologically so.

yes but a trusted proxy only terminates flows not addressed to itself for the sake of explicitly advertising its presence and requesting consent:
only the first time!
If the user provides consent then the browser will become proxy aware and configured (i.e. using a PAC file) and the flows will be addressed to the proxy.

If the user decides not to provide consent or to opt out then it will not terminate any flow...

Perhaps not an attacker - maybe a frenemy - but definitely a MITM.

why not just call it a configured Trusted Proxy?

Received on Tuesday, 18 February 2014 10:17:15 UTC