Re: new version trusted-proxy20 draft from Thomas Fossati on 2014-02-19 (ietf-http-wg@w3.org from January to March 2014)

From: Thomas Fossati <TFossati@velocix.com>
Date: Wed, 19 Feb 2014 16:27:33 +0000
To: Peter Lepeska <bizzbyster@gmail.com>, William Chan (陈智昌) <willchan@chromium.org>
CC: Paul Hoffman <paul.hoffman@gmail.com>, Patrick McManus <pmcmanus@mozilla.com>, Salvatore Loreto <salvatore.loreto@ericsson.com>, HTTP Working Group <ietf-http-wg@w3.org>, "draft-loreto-httpbis-trusted-proxy20@tools.ietf.org" <draft-loreto-httpbis-trusted-proxy20@tools.ietf.org>, GUS BOURG <gb3635@att.com>
Message-ID: <DA86AAEF6E448540808AFA696EA47E5A71FE44E0@EXB01-MLT.corp.velocix.com>

On 19/02/2014 15:30, "Peter Lepeska" <bizzbyster@gmail.com<mailto:bizzbyster@gmail.com>> wrote:
Salvatore's draft has some really good ideas but it does not attempt to address #2 above, which most agreed was the sticking point on trusted proxy, which we distinguish from "secure proxy" by the fact that a trusted proxy can see https-schemed traffic in plaintext.

Actually, it looks like the extended key usage bit in the proxy certificate (http://tools.ietf.org/html/draft-loreto-httpbis-trusted-proxy20-01#section-3.1) would be a handy hook to customise the UX for this use case.

Received on Wednesday, 19 February 2014 16:28:05 UTC