there is no firefox support for that right now. It would require a
convincing UI and probably interest from another client to proceed with.
The concern is obviously some kind of phish mitm any time you are asked to
display https and you display anything not authenticated by that origin.
On Wed, Feb 15, 2017 at 3:02 PM, Adrien de Croy <adrien@qbik.com> wrote:
>
> Thanks for that
>
> looks like I already knew about it lol.
>
> Do we have any idea about whether this has browser support, I assume FF so
> far only?
>
> Adrien
>
>
> ------ Original Message ------
> From: "Kari Hurtta" <hurtta-ietf@elmme-mailer.org>
> To: "Adrien de Croy" <adrien@qbik.com>
> Cc: "HTTP working group mailing list" <ietf-http-wg@w3.org>; "Kari
> Hurtta" <hurtta-ietf@elmme-mailer.org>
> Sent: 16/02/2017 8:31:25 AM
> Subject: Re: The future of forward proxy servers in an http/2 over TLS
> world
>
> This means we have a need to be able to respond to CONNECT with a
>>> denial, and some kind of message that can be displayed to the user.
>>>
>>
>> Maybe
>>
>> https://tools.ietf.org/id/draft-nottingham-proxy-explanation-00.txt
>>
>>
>> https://lists.w3.org/Archives/Public/ietf-http-wg/2016JulSep/0390.html
>>
>> https://bugzilla.mozilla.org/show_bug.cgi?id=637619#c31
>>
>> https://lists.w3.org/Archives/Public/ietf-http-wg/2016JulSep/0419.html
>>
>> / Kari Hurtta
>>
>>
>
>