- From: Toerless Eckert <tte@cs.fau.de>
- Date: Mon, 20 Jul 2020 09:19:59 +0200
- To: Mark Nottingham <mnot@mnot.net>
- Cc: ietf-http-wg@w3.org
On Mon, Jul 20, 2020 at 05:02:14PM +1000, Mark Nottingham wrote: > This question is likely better asked on the DoH or another list, as it's not specific to HTTP. > Thanks, Mark, i can ask there too, but i was thinking that the particular proxy functionality would be specific to http. E.g.: can i tunnel e2e encrypted through a http proxy ? Cheers Toerless > Cheers, > > > > On 20 Jul 2020, at 2:51 am, Toerless Eckert <tte@cs.fau.de> wrote: > > > > I hope a (simple?) user question is acceptable on this list, apologize if not. > > > > What (if any) IETF/W3C standards exist to complete the following workflow: > > > > - all for client/initiator (eg.: browser) > > - Assume some DoH method for DNS lookups > > - DNS lookup for www.example.com > > - get in reply something like: (?) > > www.example.com trusts the following proxy.com > > - Build TLS connection to proxy.com (?) > > - Tunnel end-to-end https connection to www.example.com across (?) > > that TLS connection to proxy.com > > Aka: do not want proxy.com to be able to decrypt end-to-end payload. > > > > Aka: I am am unclear if there are appropriate DNS RRs to support the > > following steps and if/how it is actually possible to have end-to-end > > encryption across such an also encrypted proxy connection. > > > > The use-case is obvious not to have network layer exposure on > > the path between client and proxy that the connection is with www.example.com > > and on path between proxy and www.example.com that connection is for client. > > > > Thanks! > > Toerless > > > > > > > > -- > Mark Nottingham https://www.mnot.net/ -- --- tte@cs.fau.de
Received on Monday, 20 July 2020 07:40:29 UTC