- From: Mark Nottingham <mnot@mnot.net>
- Date: Mon, 20 Jul 2020 17:02:14 +1000
- To: Toerless Eckert <tte@cs.fau.de>
- Cc: ietf-http-wg@w3.org
This question is likely better asked on the DoH or another list, as it's not specific to HTTP.

Cheers,

> On 20 Jul 2020, at 2:51 am, Toerless Eckert <tte@cs.fau.de> wrote:
>
> I hope a (simple?) user question is acceptable on this list, apologize if not.
>
> What (if any) IETF/W3C standards exist to complete the following workflow:
>
> - all for client/initiator (eg.: browser)
> - Assume some DoH method for DNS lookups
> - DNS lookup for www.example.com
> - get in reply something like: (?)
>   www.example.com trusts the following proxy.com
> - Build TLS connection to proxy.com (?)
> - Tunnel end-to-end https connection to www.example.com across (?)
>   that TLS connection to proxy.com
>   Aka: do not want proxy.com to be able to decrypt end-to-end payload.
>
> Aka: I am unclear if there are appropriate DNS RRs to support the
> following steps and if/how it is actually possible to have end-to-end
> encryption across such an also encrypted proxy connection.
>
> The use-case is obvious not to have network layer exposure on
> the path between client and proxy that the connection is with www.example.com
> and on path between proxy and www.example.com that connection is for client.
>
> Thanks!
> Toerless
>

--
Mark Nottingham https://www.mnot.net/
Received on Monday, 20 July 2020 07:02:36 UTC