- From: Peter Lepeska <bizzbyster@gmail.com>
- Date: Wed, 26 Feb 2014 11:15:21 -0500
- To: William Chan (陈智昌) <willchan@chromium.org>
- Cc: Jeff Pinner <jpinner@twitter.com>, Ryan Hamilton <rch@google.com>, Roland Zink <roland@zinks.de>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
- Message-ID: <CANmPAYFSON=NxoQxtEZ1ffNFhRoUwPsinSPxHQ5Sj3ecy3vP8A@mail.gmail.com>
"That's false, but pretty close to true, so I'll ignore it." Are you referring to the traffic that is HTTP-schemed but connected to a secure proxy over TLS as per the other thread? Is there any non-proxied http-schemed traffic running over TLS currently? Thanks! Peter On Wed, Feb 26, 2014 at 11:12 AM, William Chan (陈智昌) <willchan@chromium.org>wrote: > That's false, but pretty close to true, so I'll ignore it. In any case, it > depends if opportunistic encryption takes off. I think Patrick was > experimenting on this in collaboration with mnot@. I expect we'll hear an > update in London, and perhaps have some more discussion on the topic. > > > On Wed, Feb 26, 2014 at 5:10 AM, Peter Lepeska <bizzbyster@gmail.com>wrote: > >> Okay. But currently no "http"-schemed traffic runs over TLS. Do we think >> this will account for a significant portion of web traffic in the future? >> >> >> On Tue, Feb 25, 2014 at 9:35 PM, Jeff Pinner <jpinner@twitter.com> wrote: >> >>> Currently, "http" and "https" conflate the browser security model with >>> the transport security model. The "https" browser security model might not >>> be acceptable for certain resources even if the transport security model is >>> preferable. >>> >>> >>> On Tue, Feb 25, 2014 at 5:09 PM, Peter Lepeska <bizzbyster@gmail.com>wrote: >>> >>>> Hi Salvatore, >>>> >>>> As you know, I'm all for new proposals that support both Secure Proxy >>>> and Trusted Proxy. So thanks for writing and posting this. I'm struggling >>>> to understanding how http URIs over TLS work as described in your draft. My >>>> main question is: >>>> >>>> If the content server supports authenticated TLS, then why isn't the >>>> content just hosted via "https"-schemed URIs? What is the reason that the >>>> content server would make this content available via http schemes? >>>> >>>> Thanks, >>>> >>>> Peter >>>> >>>> >>>> >>>> >>>> >>>> >>>> On Tue, Feb 25, 2014 at 10:31 AM, Ryan Hamilton <rch@google.com> wrote: >>>> >>>>> I think that Will is supportive of secure proxies as he said upthread: >>>>> >>>>> Let's be clear, these are two different things. There's "secure proxy" >>>>> which is securing the connection between the proxy and the client. I'm >>>>> supportive of standardizing this. >>>>> >>>>> >>>>> Chrome currently supports specifying such proxies via pac files: >>>>> >>>>> http://www.chromium.org/developers/design-documents/secure-web-proxy >>>>> >>>>> >>>>> Cheers, >>>>> >>>>> Ryan >>>>> >>>>> >>>>> On Tue, Feb 25, 2014 at 1:40 AM, Roland Zink <roland@zinks.de> wrote: >>>>> >>>>>> On 24.02.2014 22:25, William Chan (陈智昌) wrote: >>>>>> >>>>>>> I've asked this before, and I still think it's a reasonable question. >>>>>>> Is there another vendor that wants to interop with this kind of >>>>>>> proxy? >>>>>>> I'm asking this because I think that the purpose of standardizing >>>>>>> such >>>>>>> a proposal is for interoperability across vendors, and I don't see >>>>>>> the >>>>>>> point if the only implementations are Ericsson. But I may be >>>>>>> misunderstanding IETF policy here. >>>>>>> >>>>>> There are other implementations of "secure proxies" like Chrome on >>>>>> Android can use a Google proxy. Why should a user trust the Google proxy >>>>>> more than a proxy from <insert your favorite mobile network operator>? An >>>>>> interoperability would be good. >>>>>> >>>>>> >>>>>> >>>>> >>>> >>> >> >
Received on Wednesday, 26 February 2014 16:15:50 UTC