W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2014

Re: new version trusted-proxy20 draft

From: Thomas Fossati <TFossati@velocix.com>
Date: Wed, 19 Feb 2014 16:27:33 +0000
To: Peter Lepeska <bizzbyster@gmail.com>, William Chan (ι™ˆζ™Ίζ˜Œ) <willchan@chromium.org>
CC: Paul Hoffman <paul.hoffman@gmail.com>, Patrick McManus <pmcmanus@mozilla.com>, Salvatore Loreto <salvatore.loreto@ericsson.com>, HTTP Working Group <ietf-http-wg@w3.org>, "draft-loreto-httpbis-trusted-proxy20@tools.ietf.org" <draft-loreto-httpbis-trusted-proxy20@tools.ietf.org>, GUS BOURG <gb3635@att.com>
Message-ID: <DA86AAEF6E448540808AFA696EA47E5A71FE44E0@EXB01-MLT.corp.velocix.com>
On 19/02/2014 15:30, "Peter Lepeska" <bizzbyster@gmail.com<mailto:bizzbyster@gmail.com>> wrote:
Salvatore's draft has some really good ideas but it does not attempt to address #2 above, which most agreed was the sticking point on trusted proxy, which we distinguish from "secure proxy" by the fact that a trusted proxy can see https-schemed traffic in plaintext.

Actually, it looks like the extended key usage bit in the proxy certificate (http://tools.ietf.org/html/draft-loreto-httpbis-trusted-proxy20-01#section-3.1) would be a handy hook to customise the UX for this use case.
Received on Wednesday, 19 February 2014 16:28:05 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:24 UTC