Re: The future of forward proxy servers in an http/2 over TLS world

--------
In message <20170228200936.C5AB71F5E9@welho-filter3.welho.com>, Kari Hurtta writes:


>Yes, this looks like common sense. And still not one browser does that.

I think common sense can be summarized as follows:

1. If any proxy is involved, both the client and server should know
   that, so that they can judge for themselves to what extent they
   want to trust the proxy.

2. A legitimate proxy has no reason to try to hide its own existence
   or to deliberately reduce the security, privacy or integrity of
   the communication, beyond what is required for doing its job.

3. It should be as hard as possible to insert and hide an illegitimate
   proxy (=MITM attack) which undetected can impact security, privacy
   or integrity of the communication.

On the client side the only politically reasonable and neutral
solution is to announce the presence of a proxy by inserting a
prominent identification of it above the address bar, so that the
user sees:

	BIGCORP Inc. Proxy (Contact IT/Bill x1234) inspects this connection

	https://mybank.com/

Or as it may be:

	ELBONIA Government National & Child safety Proxy inspects this connection

	http://bikeshed.org

The "proxybar" should be suitably decorated to indicate if the
connection to the proxy has any kind of privacy and if there is any
reason to think that the proxy really is who it claims to be.

The current "political" stance by the user agents means that literally
millions of people are behind proxies, legitimate and illegitimate,
without knowing it or being able to see it, without significant
X.509-skillz.

As for the political fight for a fundamental human right to privacy:

More people would probably pay attention, if they could clearly see
who tried to mess with their communication.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.

Received on Tuesday, 28 February 2017 21:27:19 UTC