UI | Re: The future of forward proxy servers in an http/2 over TLS world

From: Alex Rousskov <rousskov@measurement-factory.com>

> I continue to resist the temptation to tell browser folks how to do UI.


> I am sure that they can build great UIs, and that they do not need this
> WG "help" with that. 

Sometime WG does that.


| 4.1.  Security Indicators
|    User Agents MUST NOT provide any special security indicia when an
|   "http" resource is acquired using TLS.  In particular, indicators
|    that might suggest the same level of security as "https" MUST NOT be
|   used (e.g., a "lock device").

I was not suggesting any requirement on here:


| In that case location bar probbaly need to be two lines:
| First line tells proxy and certificate status of proxy URL
| Second line tells reported certifcate of server and visited URL

"probbaly" should be "probably".

From: Poul-Henning Kamp <phk@phk.freebsd.dk> 

> On the client side the only politically reasonable and neutral
> solution is to announce the precense of a proxy by inserting a
> prominent identification of it above the address bar, so that the
> user sees:
> 	BIGCORP Inc. Proxy (Contact IT/Bill x1234) inspects this connection
> 	https://mybank.com/
> Or as it may be:
> 	ELBONIA Government National & Child safety Proxy inspects this connection
> 	http://bikeshed.org

Yes, that is similar than what I was meaning.

But I'm not suggesting any requirements.

That was just similar than my suggestion for UI on
on CONNECT errors.



	Message from proxy <proxy URL>

	[View proxy message]


And [View proxy message]  is button which

- possible opens new window or tab
- Shows <proxy URL> on location bar of that window or tab
- Displays message from proxy

- Possible lock symbol reflects TLS
  of proxy connection

This is not suggesting that WG tells how to do UI.

This is more as "This is one possibility which perhaps 
resolves your requirements."

From: Alex Rousskov <rousskov@measurement-factory.com>

> It is always obvious for the browser. I assume you mean that it is not
> obvious for the user, and I agree with that (with cases not limited to
> just PAC-driven proxy selection!).

Yes, I mean that it is not obvious for the user.

/ Kari Hurtta

Received on Wednesday, 1 March 2017 06:11:32 UTC