W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2014

Secure Proxy definition [was: "Secure" proxies for HTTP URIs]

From: Salvatore Loreto <salvatore.loreto@ericsson.com>
Date: Thu, 27 Feb 2014 08:17:19 +0000
To: William Chan (陈智昌) <willchan@chromium.org>, "Mark Nottingham" <mnot@mnot.net>
CC: Peter Lepeska <bizzbyster@gmail.com>, Paul Hoffman <paul.hoffman@gmail.com>, Patrick McManus <pmcmanus@mozilla.com>, "HTTP Working Group" <ietf-http-wg@w3.org>
Message-ID: <E381ACF3-FB08-4AB2-B922-5C76DA402D0C@ericsson.com>
IMO the HTTP2 spec should contain a definition of "Secure Proxy".

A definition is necessary because at moment we don't have the definition anywhere
while it is something (similar?) to what Chrome already supports and
and there something also on the Firefox roadmap (i.e. Patrick whiteboard)

So what I am asking for is just a definition,
and I guess that it also (please correct me if I have misinterpreted),
in line with William request to standardise the "Secure Proxy" in a separate spec but reference it in the HTTP/2

and it should easily fit in the #413 issue

best regards
Salvatore

On Feb 24, 2014, at 8:35 AM, William Chan (陈智昌) <willchan@chromium.org<mailto:willchan@chromium.org>> wrote:

On Sun, Feb 23, 2014 at 10:31 PM, Mark Nottingham <mnot@mnot.net<mailto:mnot@mnot.net>> wrote:

On 20 Feb 2014, at 11:40 am, William Chan (陈智昌) <willchan@chromium.org<mailto:willchan@chromium.org>> wrote:

Let's be clear, these are two different things. There's "secure proxy" which is securing the connection between the proxy and the client. I'm supportive of standardizing this.

There seems to be a reasonable amount of support for this, and no dissent that I've heard.

What needs to be specified here? We don't say much about proxies yet. I suppose we might need something like RFC2818 for secure proxies, but that seems somewhat straightforward, and it might be better for that to happen in the TLS WG (indeed, our charter pretty much says so).

I don't think that there's anything HTTP/2 specific about "secure"
proxies. Should we decouple it and just standardize it separately from
HTTP/2 (although I think it's likely that the HTTP/2 spec may want to
reference it)?


Note that I've just opened <https://github.com/http2/http2-spec/issues/413> to talk about proxies a bit more in general.

Cheers,

Received on Thursday, 27 February 2014 08:17:45 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:24 UTC