W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2014

Re: new version trusted-proxy20 draft

From: Roland Zink <roland@zinks.de>
Date: Thu, 20 Feb 2014 19:25:59 +0200
Cc: Thomas Fossati <TFossati@velocix.com>, Patrick McManus <pmcmanus@mozilla.com>, Salvatore Loreto <salvatore.loreto@ericsson.com>, HTTP Working Group <ietf-http-wg@w3.org>, "draft-loreto-httpbis-trusted-proxy20@tools.ietf.org" <draft-loreto-httpbis-trusted-proxy20@tools.ietf.org>, GUS BOURG <gb3635@att.com>
Message-Id: <67C66D15-9807-43D9-B9A7-8C43EBFC6303@zinks.de>
To: "William Chan (ι™ˆζ™Ίζ˜Œ)" <willchan@chromium.org>

>> 
>> Thus, under user consent, the cache/inspection/whatever function for
>> non-https traffic that used to work with cleartext HTTP/1.x is re-enabled.
>> Win-win?
> 
> Users will not grok this prompt for the user consent, so I can't
> imagine prompting the user in Chromium. I'm curious what other user
> agent implementers think.

If I would need to implement an app then I would prefer to avoid a second HTTP1/1 infrastructure for environments where a connection without inspection is not allowed. In the app there might be a general setting to allow this based on the needed privacy of the data. A app may have better knowledge about the problem domain than a browser.

Roland
Received on Thursday, 20 February 2014 17:26:36 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:24 UTC