draft-loreto-httpbis-trusted-proxy

I support the high level idea that we should produce something along the
lines of this draft.  There are a few high level issues that should be
addressed:

1.  There needs to be a companion document discovery of this proxy.  The
discovery mechanism itself must have some notion of trust built in.

2.  The consent model needs to be more granular – on all sides.  As a
user, I don't want anyone fiddling with my banking bits, but I may want
protection from some social network site that has previously had
problems with content.  A policy statement from the content developer
can already be done, but it can also easily be stripped.  We sort of now
know how to get around that over time, through a bit of state
management.  That doesn't mean that Big Enterprise Administrator has to
let me get through to all sites if I refuse to agree to his proxy
requirements, but perhaps Bank of Eliot gets to say, “Ok, but don't talk
to me now, and wait til you're outside that proxy.”

3.  There should be clarity as to what the proxy is doing.

4.  Finally, the user can't be nagged on every network access.  I think
point [2] covers some of this, but there needs to be a classing /
federation approach.

In summary, this is a good effort, and the work should continue.

Eliot

Received on Wednesday, 19 February 2014 06:33:40 UTC