- From: <henry.story@bblfish.net>
- Date: Wed, 29 Apr 2015 18:08:16 +0200
- To: Willy Tarreau <w@1wt.eu>
- Cc: Michael Sweet <msweet@apple.com>, Eric Covener <covener@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>
> On 29 Apr 2015, at 17:43, Willy Tarreau <w@1wt.eu> wrote: > > On Wed, Apr 29, 2015 at 05:38:21PM +0200, henry.story@bblfish.net wrote: >> One way to sidestep broken old proxies, is what we need to do anyway in our >> project is to use https, which is gaining momentum and adoption, even with >> its flaws. We are trying to build distributed secure Social Web, and in order >> to maintain privacy and security we need https. So those types >> of proxies are not a problem to us. > > For *your* case maybe but when you want to extend a standard (and I'd say > that there's nothing older in HTTP than the GET request which predates > headers and proxies), you have to think wide, very wide. > >> We are still very interested in proxy behavior >> because we want to allow every citizen to have his own proxy on his Freedom Box. > > Yes and local anti-virus agents deployed on the PC, accessing the traffic > in the browser before it's encrypted and which are well-known for not > following standards and causing false bug reports. yes of course. Research is needed here, as I pointed out previously. The situation may not be as bad as feared ( My Apache server worked fine for example ). This research will then help work out what the deployment strategy has to be. Is this hypothetical problem the only one? Perhaps we can put this aside for the time being and see if there are other issues that are problematic. Henry > > Willy > Social Web Architect http://bblfish.net/
Received on Wednesday, 29 April 2015 16:08:46 UTC