
Re: new version trusted-proxy20 draft

From: Mikael Abrahamsson <swmike@swm.pp.se>
Date: Mon, 24 Feb 2014 11:56:52 +0100 (CET)
To: HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <alpine.DEB.2.02.1402241140380.747@uplift.swm.pp.se>

On Mon, 24 Feb 2014, Ilari Liusvaara wrote:

> 5) Regarding to use cases, protocol conforming to principle of
> least privilege and accommodating all or even most of those (goes
> up to "Tom's Rural broadband" right now) would likely be hideously
> complicated mess of crypto.
>
> 6) Because of the last, one is pretty much limited to no trust (CONNECT)
> or full trust (GET/POST/PUT).

So I am new to this discussion, but I'll give it a go anyway.

The "mess of crypto" mentioned above, does that relate to an "onion style" 
kind of crypto, where the web server would first encrypt/sign the object 
with its own cert, and then use another one to send traffic to the proxy?

I was thinking if it was possible to keep confidentiality of the 
communication between web browser and web server, but still give the proxy 
enough information to do its job which would be caching and/or doing 
content access control.

I guess the use-cases that are being addressed by this draft are two-fold:

1. Proxy that wants to know what URLs are being used so it can 
record/limit access.

2. Proxy that contains malware detection and so on to inspect all contents 
before it's delivered to the end systems.

With 1, if the content could be encrypted by one layer of crypto and a 
second layer for the session to/from the proxy, this would solve that 
problem. The end system could still verify the contents and that it hadn't 
been tampered with.

With 2, I don't see any other solution than the one suggested in the 
discussed draft with the proxy having full MITM capability.

If people were in the technical plenary session in Vancouver at IETF88, I 
was the one requesting more work on usability when it comes to crypto. How 
the user should be informed of current network security situation (if 
proxy can inspect the traffic or not) is also a tricky one. We also need 
settings on the devices saying what apps are allowed to communicate under 
what circumstances etc. I do not want my bank app to allow MITM, whereas I 
might be ok sometimes with my web browser when I use certain web sites 
with no important content to me.

-- 
Mikael Abrahamsson    email: swmike@swm.pp.se
Received on Monday, 24 February 2014 10:57:19 UTC
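
A sketch of use case 1 from the message above, added here as an illustration; it is not code from the draft or from anyone on the thread. It assumes the browser and origin already share `contentKey`, that the browser knows the origin's Ed25519 public key, and that the proxy-facing session layer is ordinary TLS (not modeled); all function names are hypothetical.

```javascript
const crypto = require('crypto');

// Constructed keys: the origin's signing pair, and a content key the browser
// and origin are assumed to share already (end-to-end, unknown to the proxy).
const origin = crypto.generateKeyPairSync('ed25519');
const contentKey = crypto.randomBytes(32);

// Origin: encrypt the body (inner layer), binding the URL as associated data,
// then sign URL + ciphertext so the proxy-visible URL cannot be swapped.
function originRespond(url, body) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', contentKey, iv);
  c.setAAD(Buffer.from(url));
  const ct = Buffer.concat([c.update(body, 'utf8'), c.final()]);
  const tag = c.getAuthTag();
  const signed = Buffer.concat([Buffer.from(url), iv, ct, tag]);
  return { url, iv, ct, tag, sig: crypto.sign(null, signed, origin.privateKey) };
}

// Proxy: sees only the URL. It can record or deny the request, but it holds
// no key that would let it read the body or alter it without detection.
function proxyForward(msg, denyPrefixes, log) {
  log.push(msg.url);
  if (denyPrefixes.some((p) => msg.url.startsWith(p))) return null;
  return msg;
}

// Browser: verify the origin's signature, then decrypt.
// Returns null if the URL or the content was changed in transit.
function clientOpen(msg) {
  const signed = Buffer.concat([Buffer.from(msg.url), msg.iv, msg.ct, msg.tag]);
  if (!crypto.verify(null, signed, origin.publicKey, msg.sig)) return null;
  try {
    const d = crypto.createDecipheriv('aes-256-gcm', contentKey, msg.iv);
    d.setAAD(Buffer.from(msg.url));
    d.setAuthTag(msg.tag);
    return Buffer.concat([d.update(msg.ct), d.final()]).toString('utf8');
  } catch (e) {
    return null; // authentication tag mismatch
  }
}
```

Use case 2 (content inspection) cannot be served this way, since the proxy never holds `contentKey`.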
