Thanks, the link got mangled. I meant
https://datatracker.ietf.org/doc/draft-schwartz-modern-http-proxies/

On Tue, Oct 18, 2022 at 12:16 PM Ryan Hamilton <rch@google.com> wrote:

> I think [1] should perhaps be
> https://www.ietf.org/id/draft-schwartz-modern-http-proxies-00.html?
>
> On Tue, Oct 18, 2022 at 9:14 AM Ben Schwartz <bemasc@google.com> wrote:
>
>> I support the goals of the Unprompted Authentication draft. In fact, I'm
>> so supportive that I recently posted a draft that happens to solve an
>> overlapping problem in a very different way: "Modernizing HTTP Forward
>> Proxy Functionality" [1].
>>
>> To step back: confidential HTTP _resources_ are arguably a solved
>> problem. We can simply place the resource at an unguessable path (e.g.
>> "capability URLs" [2]). The problem mentioned by this draft occurs when
>> the HTTP service is origin-scoped (e.g. it is not a resource). The only
>> non-resource HTTP service that I'm aware of is forward proxy
>> functionality. Thus, one way to improve confidentiality of proxies is to
>> make them path-scoped, and this is what the "Modernizing" draft does.
>>
>> These proposals are not mutually exclusive. Path-scoped proxies have
>> other benefits, and unprompted authentication could be useful for other
>> services with inflexible paths (e.g. .well-known/ resources). However,
>> given the overlapping use cases, these drafts should probably be discussed
>> together.
>>
>> --Ben
>>
>> [1]
>> https://datatracker.ietf.org/doc/draft-schwartz-modern-http-proxies/Modernizing
>> HTTP Forward Proxy Functionality
>> [2] https://www.w3.org/TR/capability-urls/
>>
>

This archive was generated by hypermail 2.4.0 : Thursday, 2 February 2023 18:44:08 UTC