W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2014

Re: new version trusted-proxy20 draft

From: 陈智昌 <willchan@chromium.org>
Date: Wed, 19 Feb 2014 16:32:11 -0800
Message-ID: <CAA4WUYjCy=ku_-_i0GykbYDT3jdJ1fJtmqnv+oNJ3HDM-qOkjw@mail.gmail.com>
To: Thomas Fossati <TFossati@velocix.com>
Cc: Patrick McManus <pmcmanus@mozilla.com>, Salvatore Loreto <salvatore.loreto@ericsson.com>, HTTP Working Group <ietf-http-wg@w3.org>, "draft-loreto-httpbis-trusted-proxy20@tools.ietf.org" <draft-loreto-httpbis-trusted-proxy20@tools.ietf.org>, GUS BOURG <gb3635@att.com>
On Wed, Feb 19, 2014 at 1:24 PM, Thomas Fossati <TFossati@velocix.com> wrote:
> On 19/02/2014 07:37, "William Chan (陈智昌)" <willchan@chromium.org> wrote:
>>That said, I still agree
>>with Patrick that there doesn't seem any reason to allow
>>differentiation of http vs https traffic. If the user agent and origin
>>agree to put http traffic over a user-agent<=>origin TLS connection,
>>then they should be allowed to do so without having to mark it via
>>ALPN.
>
> As far as I understand, the browser could just decide to use h2 for
> everything and thus opt-out completely.

I see, if this is just an option, then I'm less concerned. But let's
only standardize an option that implementations plan on using. What
user agent plans on supporting this? I can't see Chromium doing this.

>
> The h2clr flag is a hint that the user agent can give to the network.  It
> allows an on-path proxy to jump in, provide strong identity proof, and (if
> explicitly allowed) MITM the user’s http requests sent over HTTP/2.0+TLS.
>
> Thus, under user consent, the cache/inspection/whatever function for
> non-https traffic that used to work with cleartext HTTP/1.x is re-enabled.
>  Win-win?

Users will not grok this prompt for the user consent, so I can't
imagine prompting the user in Chromium. I'm curious what other user
agent implementers think.

>
> Cheers
>
Received on Thursday, 20 February 2014 00:32:41 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:24 UTC