Re: The future of forward proxy servers in an http/2 over TLS world

Patrick McManus <mcmanus@ducksong.com>: (Wed Feb 15 22:22:14 2017)
> (firefox hat)
> 
> we trust the error came from the proxy - but we don't trust displaying
> custom text in the usual way without significant UI around it as we
> would normal content - content comes from the origin and in https is
> authenticated as coming from the origin. While we will authenticate a proxy
> (and it's a good feature!), we aren't trusting it to generate https://
> content - just transport it over a CONNECT tunnel so if there is an
> error message that isn't generated by the origin, we would need a different
> way to display it. I'm not saying that's impossible - I'm just saying it
> doesn't exist.
> 
> we would need new UI for messages clearly from an authenticated (I'm not
> sure I would use the word trusted) third party. The alternative, as you
> mention, is to double down on two-party communication - that imperils the
> traditional role of proxy. Some people feel that's a better model and some
> disagree. That fight continues in what people choose to implement.

My suggestion for UI is


--------------

	Message from proxy <proxy URL>

	[View proxy message]

--------------

And [View proxy message] is a button which

- possibly opens new window or tab
- Shows <proxy URL> on location bar of that window or tab
- Displays message from proxy

- Possibly lock symbol reflects TLS
  of proxy connection

That way this is equivalent to navigation
to another site. And because "navigation"
does not happen automatically, change
of location bar is not hidden from user.

/ Kari Hurtta

Received on Thursday, 16 February 2017 17:22:25 UTC