W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2014

Re: new version trusted-proxy20 draft

From: Thomas Fossati <TFossati@velocix.com>
Date: Wed, 19 Feb 2014 21:24:50 +0000
To: William Chan (陈智昌) <willchan@chromium.org>
CC: Patrick McManus <pmcmanus@mozilla.com>, Salvatore Loreto <salvatore.loreto@ericsson.com>, HTTP Working Group <ietf-http-wg@w3.org>, "draft-loreto-httpbis-trusted-proxy20@tools.ietf.org" <draft-loreto-httpbis-trusted-proxy20@tools.ietf.org>, GUS BOURG <gb3635@att.com>
Message-ID: <DA86AAEF6E448540808AFA696EA47E5A71FE4677@EXB01-MLT.corp.velocix.com>
On 19/02/2014 07:37, "William Chan (陈智昌)" <willchan@chromium.org> wrote:
>That said, I still agree
>with Patrick that there doesn't seem any reason to allow
>differentiation of http vs https traffic. If the user agent and origin
>agree to put http traffic over a user-agent<=>origin TLS connection,
>then they should be allowed to do so without having to mark it via
>ALPN.

As far as I understand, the browser could just decide to use h2 for
everything and thus opt-out completely.

The h2clr flag is a hint that the user agent can give to the network.  It
allows an on-path proxy to jump in, provide strong identity proof, and (if
explicitly allowed) MITM the user’s http requests sent over HTTP/2.0+TLS.

Thus, under user consent, the cache/inspection/whatever function for
non-https traffic that used to work with cleartext HTTP/1.x is re-enabled.
 Win-win?

Cheers

Received on Wednesday, 19 February 2014 21:25:24 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:24 UTC