W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2014

Re: "Secure" proxies for HTTP URIs [was: new version trusted-proxy20 draft]

From: Salvatore Loreto <salvatore.loreto@ericsson.com>
Date: Mon, 24 Feb 2014 09:35:19 +0000
To: Amos Jeffries <squid3@treenet.co.nz>
CC: "<ietf-http-wg@w3.org>" <ietf-http-wg@w3.org>
Message-ID: <F62303E5-EF60-4506-9D5D-4C0215E8C517@ericsson.com>

On Feb 24, 2014, at 11:05 AM, Amos Jeffries <squid3@treenet.co.nz>

> On 24/02/2014 7:37 p.m., Mark Nottingham wrote:
>> On 24 Feb 2014, at 5:35 pm, William Chan (陈智昌) <willchan@chromium.org> wrote:
>>> I don't think that there's anything HTTP/2 specific about "secure" proxies.
>> That's kind of what I'm getting at…

I tend to agree...
the only thing that can be seen as strictly related even if not specific is
the usage of http URIs over TLS
and the role of "secure" proxies in the http URIs over TLS flow

>>> Should we decouple it and just standardize it separately from HTTP/2 (although I think it's likely that the HTTP/2 spec may want to reference it)?
>> Well, my point was that I wasn't even sure it's something "we" need to do (i.e., this WG). What actually would need to be written down?
> I think a BCP statement that connections to explicit proxy should be
> doen or at least allowed to use a TLS encrypted connection.
> Along with a list of the current explicit proxy discovery mechanisms in
> use and how TLS should be signalled in each (ie. environment variable
> http_proxy="https://..." vs. https_proxy="...")
> Guidance for implementers to follow that will provide interoperable code.

I agree with Amos here
that seems to be something reasonable to have in the main spec…

but it would be great also to have a separate draft talking about new discovery
mechanisms and the proxy interaction 


> Amos

Received on Monday, 24 February 2014 09:35:47 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:24 UTC