- From: Peter Lepeska <bizzbyster@gmail.com>
- Date: Wed, 26 Feb 2014 08:10:33 -0500
- To: Jeff Pinner <jpinner@twitter.com>
- Cc: Ryan Hamilton <rch@google.com>, Roland Zink <roland@zinks.de>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
- Message-ID: <CANmPAYHURMsEHzVq=AMVco+8LY_qKPnE0TJjb10Q6jz=MvC+SA@mail.gmail.com>
Okay. But currently no "http"-schemed traffic runs over TLS. Do we think this will account for a significant portion of web traffic in the future?

On Tue, Feb 25, 2014 at 9:35 PM, Jeff Pinner <jpinner@twitter.com> wrote:

> Currently, "http" and "https" conflate the browser security model with the
> transport security model. The "https" browser security model might not be
> acceptable for certain resources even if the transport security model is
> preferable.
>
> On Tue, Feb 25, 2014 at 5:09 PM, Peter Lepeska <bizzbyster@gmail.com> wrote:
>
>> Hi Salvatore,
>>
>> As you know, I'm all for new proposals that support both Secure Proxy and
>> Trusted Proxy. So thanks for writing and posting this. I'm struggling to
>> understand how http URIs over TLS work as described in your draft. My
>> main question is:
>>
>> If the content server supports authenticated TLS, then why isn't the
>> content just hosted via "https"-schemed URIs? What is the reason that the
>> content server would make this content available via http schemes?
>>
>> Thanks,
>>
>> Peter
>>
>> On Tue, Feb 25, 2014 at 10:31 AM, Ryan Hamilton <rch@google.com> wrote:
>>
>>> I think that Will is supportive of secure proxies as he said upthread:
>>>
>>> Let's be clear, these are two different things. There's "secure proxy"
>>> which is securing the connection between the proxy and the client. I'm
>>> supportive of standardizing this.
>>>
>>> Chrome currently supports specifying such proxies via pac files:
>>>
>>> http://www.chromium.org/developers/design-documents/secure-web-proxy
>>>
>>> Cheers,
>>>
>>> Ryan
>>>
>>> On Tue, Feb 25, 2014 at 1:40 AM, Roland Zink <roland@zinks.de> wrote:
>>>
>>>> On 24.02.2014 22:25, William Chan (陈智昌) wrote:
>>>>
>>>>> I've asked this before, and I still think it's a reasonable question.
>>>>> Is there another vendor that wants to interop with this kind of proxy?
>>>>> I'm asking this because I think that the purpose of standardizing such
>>>>> a proposal is for interoperability across vendors, and I don't see the
>>>>> point if the only implementations are Ericsson. But I may be
>>>>> misunderstanding IETF policy here.
>>>>>
>>>> There are other implementations of "secure proxies" like Chrome on
>>>> Android can use a Google proxy. Why should a user trust the Google proxy
>>>> more than a proxy from <insert your favorite mobile network operator>? An
>>>> interoperability would be good.

Received on Wednesday, 26 February 2014 13:11:06 UTC