Re: new version trusted-proxy20 draft from Nicolas Mailhot on 2014-02-19 (ietf-http-wg@w3.org from January to March 2014)

From: Nicolas Mailhot <nicolas.mailhot@laposte.net>
Date: Wed, 19 Feb 2014 09:51:37 +0100
To: "William Chan (陈智昌)" <willchan@chromium.org>
Cc: "Paul Hoffman" <paul.hoffman@gmail.com>, "Patrick McManus" <pmcmanus@mozilla.com>, "Salvatore Loreto" <salvatore.loreto@ericsson.com>, "HTTP Working Group" <ietf-http-wg@w3.org>, "draft-loreto-httpbis-trusted-proxy20@tools.ietf.org" <draft-loreto-httpbis-trusted-proxy20@tools.ietf.org>, "GUS BOURG" <gb3635@att.com>
Message-ID: <fb3483a833bc68f22ad8c241a6204318.squirrel@arekh.dyndns.org>

Le Mer 19 février 2014 05:54, William Chan (陈智昌) a écrit :
> On Tue, Feb 18, 2014 at 8:18 PM, Paul Hoffman <paul.hoffman@gmail.com>
> wrote:
>> On Tue, Feb 18, 2014 at 6:02 PM, William Chan (陈智昌)
>> <willchan@chromium.org>
>> wrote:
>>>
>>>
>>> And furthermore, I should add that I don't really think it's in the
>>> users' interests to have an intermediary be able to snoop listen in on
>>> all their https traffic. I don't really see the value for end users in
>>> standardizing any mechanism for doing this. Is there any?
>>
>>
>> This still comes back to the theory that a trusted, explicit firewall,
>> such
>> as a corporate firewall, should be able to snoop on all traffic leaving
>> the
>> protected network. There are plenty of good reasons to do this, and
>> plenty
>> of people who disagree that there are any possible reasons.
>
> Good point. This is a controversial topic that we're unlikely to see
> consensus on in the near future.

Are there still people who deny the law (even in democratic countries)
requires such snooping in some contexts? For example traders have to
enable snooping to prove they are not performing insider trading at work
and I'm sure there are lots of other cases I don't know of.

> Let me ask another question. Is there
> a user agent that plans on supporting this proposal? At the Zurich
> interim, IIRC, Patrick (Firefox), Rob (IE/WinInet), and I (Chromium)
> all said we do not support this. If that's in error, please speak up.
> Otherwise, if no user agent plans on supporting this, I don't see the
> value of standardizing this.

Let me reverse the proposition: there are lots of proxy-using
organisations which have refused all user-agent attempts to remove proxies
for more than a decade. They represent a significant part of the http1
user base. If there is no plan to support this use case there is no point
on this workgroup since its charter is not met.

Of course user agents representatives may be working on another proposal
I'm not aware of. If that's the  case all is fine, please share it!

Regards,

-- 
Nicolas Mailhot

Received on Wednesday, 19 February 2014 08:52:23 UTC