W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2014

Re: new version trusted-proxy20 draft

From: 陈智昌 <willchan@chromium.org>
Date: Wed, 26 Feb 2014 08:12:57 -0800
Message-ID: <CAA4WUYj4EL=k0w-T-4FQCG2aD2BgHyoq3TRaX9ZjqcubFTFVvw@mail.gmail.com>
To: Peter Lepeska <bizzbyster@gmail.com>
Cc: Jeff Pinner <jpinner@twitter.com>, Ryan Hamilton <rch@google.com>, Roland Zink <roland@zinks.de>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
That's false, but pretty close to true, so I'll ignore it. In any case, it
depends if opportunistic encryption takes off. I think Patrick was
experimenting on this in collaboration with mnot@. I expect we'll hear an
update in London, and perhaps have some more discussion on the topic.


On Wed, Feb 26, 2014 at 5:10 AM, Peter Lepeska <bizzbyster@gmail.com> wrote:

> Okay. But currently no "http"-schemed traffic runs over TLS. Do we think
> this will account for a significant portion of web traffic in the future?
>
>
> On Tue, Feb 25, 2014 at 9:35 PM, Jeff Pinner <jpinner@twitter.com> wrote:
>
>> Currently, "http" and "https" conflate the browser security model with
>> the transport security model. The "https" browser security model might not
>> be acceptable for certain resources even if the transport security model is
>> preferable.
>>
>>
>> On Tue, Feb 25, 2014 at 5:09 PM, Peter Lepeska <bizzbyster@gmail.com>wrote:
>>
>>> Hi Salvatore,
>>>
>>> As you know, I'm all for new proposals that support both Secure Proxy
>>> and Trusted Proxy. So thanks for writing and posting this. I'm struggling
>>> to understanding how http URIs over TLS work as described in your draft. My
>>> main question is:
>>>
>>> If the content server supports authenticated TLS, then why isn't the
>>> content just hosted via "https"-schemed URIs? What is the reason that the
>>> content server would make this content available via http schemes?
>>>
>>> Thanks,
>>>
>>> Peter
>>>
>>>
>>>
>>>
>>>
>>>
>>> On Tue, Feb 25, 2014 at 10:31 AM, Ryan Hamilton <rch@google.com> wrote:
>>>
>>>> I think that Will is supportive of secure proxies as he said upthread:
>>>>
>>>> Let's be clear, these are two different things. There's "secure proxy"
>>>> which is securing the connection between the proxy and the client. I'm
>>>> supportive of standardizing this.
>>>>
>>>>
>>>> Chrome currently supports specifying such proxies via pac files:
>>>>
>>>> http://www.chromium.org/developers/design-documents/secure-web-proxy
>>>>
>>>>
>>>> Cheers,
>>>>
>>>> Ryan
>>>>
>>>>
>>>> On Tue, Feb 25, 2014 at 1:40 AM, Roland Zink <roland@zinks.de> wrote:
>>>>
>>>>> On 24.02.2014 22:25, William Chan (陈智昌) wrote:
>>>>>
>>>>>> I've asked this before, and I still think it's a reasonable question.
>>>>>> Is there another vendor that wants to interop with this kind of proxy?
>>>>>> I'm asking this because I think that the purpose of standardizing such
>>>>>> a proposal is for interoperability across vendors, and I don't see the
>>>>>> point if the only implementations are Ericsson. But I may be
>>>>>> misunderstanding IETF policy here.
>>>>>>
>>>>> There are other implementations of "secure proxies" like Chrome on
>>>>> Android can use a Google proxy. Why should a user trust the Google proxy
>>>>> more than a proxy from <insert your favorite mobile network operator>? An
>>>>> interoperability would be good.
>>>>>
>>>>>
>>>>>
>>>>
>>>
>>
>
Received on Wednesday, 26 February 2014 16:13:25 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:24 UTC