Re: new version trusted-proxy20 draft

Yes there is. It's pretty negligible though. One example is that Patrick's
been running experiments. There are some older examples with Chromium. I
don't know if there's any actual traffic though:
http://www.stefanwille.com/2013/04/using-spdy-with-nginx-1-4/.


On Wed, Feb 26, 2014 at 8:15 AM, Peter Lepeska <bizzbyster@gmail.com> wrote:

> "That's false, but pretty close to true, so I'll ignore it."
>
> Are you referring to the traffic that is HTTP-schemed but connected to a
> secure proxy over TLS as per the other thread? Is there any non-proxied
> http-schemed traffic running over TLS currently?
>
> Thanks!
>
> Peter
>
>
> On Wed, Feb 26, 2014 at 11:12 AM, William Chan (陈智昌) <
> willchan@chromium.org> wrote:
>
>> That's false, but pretty close to true, so I'll ignore it. In any case,
>> it depends if opportunistic encryption takes off. I think Patrick was
>> experimenting on this in collaboration with mnot@. I expect we'll hear
>> an update in London, and perhaps have some more discussion on the topic.
>>
>>
>> On Wed, Feb 26, 2014 at 5:10 AM, Peter Lepeska <bizzbyster@gmail.com>wrote:
>>
>>> Okay. But currently no "http"-schemed traffic runs over TLS. Do we think
>>> this will account for a significant portion of web traffic in the future?
>>>
>>>
>>> On Tue, Feb 25, 2014 at 9:35 PM, Jeff Pinner <jpinner@twitter.com>wrote:
>>>
>>>> Currently, "http" and "https" conflate the browser security model with
>>>> the transport security model. The "https" browser security model might not
>>>> be acceptable for certain resources even if the transport security model is
>>>> preferable.
>>>>
>>>>
>>>> On Tue, Feb 25, 2014 at 5:09 PM, Peter Lepeska <bizzbyster@gmail.com>wrote:
>>>>
>>>>> Hi Salvatore,
>>>>>
>>>>> As you know, I'm all for new proposals that support both Secure Proxy
>>>>> and Trusted Proxy. So thanks for writing and posting this. I'm struggling
>>>>> to understanding how http URIs over TLS work as described in your draft. My
>>>>> main question is:
>>>>>
>>>>> If the content server supports authenticated TLS, then why isn't the
>>>>> content just hosted via "https"-schemed URIs? What is the reason that the
>>>>> content server would make this content available via http schemes?
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Peter
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On Tue, Feb 25, 2014 at 10:31 AM, Ryan Hamilton <rch@google.com>wrote:
>>>>>
>>>>>> I think that Will is supportive of secure proxies as he said upthread:
>>>>>>
>>>>>> Let's be clear, these are two different things. There's "secure proxy"
>>>>>> which is securing the connection between the proxy and the client. I'm
>>>>>> supportive of standardizing this.
>>>>>>
>>>>>>
>>>>>> Chrome currently supports specifying such proxies via pac files:
>>>>>>
>>>>>> http://www.chromium.org/developers/design-documents/secure-web-proxy
>>>>>>
>>>>>>
>>>>>> Cheers,
>>>>>>
>>>>>> Ryan
>>>>>>
>>>>>>
>>>>>> On Tue, Feb 25, 2014 at 1:40 AM, Roland Zink <roland@zinks.de> wrote:
>>>>>>
>>>>>>> On 24.02.2014 22:25, William Chan (陈智昌) wrote:
>>>>>>>
>>>>>>>> I've asked this before, and I still think it's a reasonable
>>>>>>>> question.
>>>>>>>> Is there another vendor that wants to interop with this kind of
>>>>>>>> proxy?
>>>>>>>> I'm asking this because I think that the purpose of standardizing
>>>>>>>> such
>>>>>>>> a proposal is for interoperability across vendors, and I don't see
>>>>>>>> the
>>>>>>>> point if the only implementations are Ericsson. But I may be
>>>>>>>> misunderstanding IETF policy here.
>>>>>>>>
>>>>>>> There are other implementations of "secure proxies" like Chrome on
>>>>>>> Android can use a Google proxy. Why should a user trust the Google proxy
>>>>>>> more than a proxy from <insert your favorite mobile network operator>? An
>>>>>>> interoperability would be good.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>