Re: "Secure" proxies for HTTP URIs [was: new version trusted-proxy20 draft]

From: James Cloos <cloos@jhcloos.com>
Date: Mon, 24 Feb 2014 21:58:59 -0500
To: HTTP Working Group <ietf-http-wg@w3.org>
Cc: William Chan (陈智昌) <willchan@chromium.org>, Mark Nottingham <mnot@mnot.net>, Salvatore Loreto <salvatore.loreto@ericsson.com>, Peter Lepeska <bizzbyster@gmail.com>, Paul Hoffman <paul.hoffman@gmail.com>, Patrick McManus <pmcmanus@mozilla.com>
Message-ID: <m3ppmbzylv.fsf@carbon.jhcloos.org>

There are only a few things http/2 should say about proxies:

Proxies MAY use http/2 to grab the resources for which clients ask.

Proxies MAY offer http/2 to clients.

Clients seeking https URIs via a proxy MUST use CONNECT and end-to-end tls.

If anyone wants a proxy to cache anything, and also wants to use http/2,
they MUST use http-upgrade (rather than alpn) to specify their preference
for http/2 instead of http/1.

(If anyone has a legal requirement to avoid end-to-end encryption, they
MUST accomplish that by avoiding TLS between client and proxy.  Such
requirements MUST not affect the rest of us.)

-JimC
--
James Cloos <cloos@jhcloos.com>         OpenPGP: 1024D/ED7DAEA6
Received on Tuesday, 25 February 2014 03:02:19 UTC