W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2014

Re: new version trusted-proxy20 draft

From: Paul Hoffman <paul.hoffman@gmail.com>
Date: Wed, 19 Feb 2014 08:10:55 -0800
Message-ID: <CAPik8yZFF_saQ1H7piYdsyK-cmeAkUT9ht7+xOYAXCrDmt5ckw@mail.gmail.com>
To: William Chan (陈智昌) <willchan@chromium.org>
Cc: Patrick McManus <pmcmanus@mozilla.com>, Salvatore Loreto <salvatore.loreto@ericsson.com>, HTTP Working Group <ietf-http-wg@w3.org>, "draft-loreto-httpbis-trusted-proxy20@tools.ietf.org" <draft-loreto-httpbis-trusted-proxy20@tools.ietf.org>, GUS BOURG <gb3635@att.com>
On Tue, Feb 18, 2014 at 8:54 PM, William Chan (陈智昌)

> Good point. This is a controversial topic that we're unlikely to see
> consensus on in the near future. Let me ask another question. Is there
> a user agent that plans on supporting this proposal? At the Zurich
> interim, IIRC, Patrick (Firefox), Rob (IE/WinInet), and I (Chromium)
> all said we do not support this.

How can any vendor know whether or not they support a feature that has not
even been well described?

> If that's in error, please speak up.
> Otherwise, if no user agent plans on supporting this, I don't see the
> value of standardizing this.

The value has been stated repeatedly. If we don't standardize it, then the
security of your users measurably goes down. Getting users to install
private trust anchors that are known to be not as well protected as the
rest of the trust anchors does a disservice to Internet security.

--Paul Hoffman
Received on Wednesday, 19 February 2014 16:17:07 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:24 UTC