W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2014

Re: "Secure" proxies for HTTP URIs [was: new version trusted-proxy20 draft]

From: Amos Jeffries <squid3@treenet.co.nz>
Date: Mon, 24 Feb 2014 22:05:30 +1300
Message-ID: <530B0B5A.4090508@treenet.co.nz>
To: ietf-http-wg@w3.org
On 24/02/2014 7:37 p.m., Mark Nottingham wrote:
> 
> On 24 Feb 2014, at 5:35 pm, William Chan (ι™ˆζ™Ίζ˜Œ) <willchan@chromium.org> wrote:
> 
>> I don't think that there's anything HTTP/2 specific about "secure" proxies.
> 
> That's kind of what I'm getting at...
> 
>> Should we decouple it and just standardize it separately from HTTP/2 (although I think it's likely that the HTTP/2 spec may want to reference it)?
> 
> Well, my point was that I wasn't even sure it's something "we" need to do (i.e., this WG). What actually would need to be written down?
> 

I think a BCP statement that connections to explicit proxy should be
doen or at least allowed to use a TLS encrypted connection.
Along with a list of the current explicit proxy discovery mechanisms in
use and how TLS should be signalled in each (ie. environment variable
http_proxy="https://..." vs. https_proxy="...")

Guidance for implementers to follow that will provide interoperable code.

Amos
Received on Monday, 24 February 2014 09:05:58 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:24 UTC