- From: Patrick McManus <pmcmanus@mozilla.com>
- Date: Wed, 2 Jul 2014 11:09:25 -0400
- To: Mark Nottingham <mnot@mnot.net>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>
Received on Wednesday, 2 July 2014 15:09:51 UTC
On Wed, Jul 2, 2014 at 2:26 AM, Mark Nottingham <mnot@mnot.net> wrote: > <https://github.com/httpwg/http-extensions/issues/9> > > We need to define how a client using OppSec connects to a configured proxy I'm not sure we need to define one path. It seems like a trust and policy decision where it is sufficient to describe the mechanisms. Both proxying and tunneling are sensible under different circumstances . > Does the answer change if the proxy is http vs https? That's one input. Another is the trust relationship you have with the proxy and another might be the backend protocol capabilities of the intermediary. (i.e. does it do OppSec as a client? does it do >= the client protocol version, etc..) > Can the proxy advertise OppSec? > > devil is in the details - but generically: yes that's desirable
Received on Wednesday, 2 July 2014 15:09:51 UTC