- From: Sullivan, Bryan <BS3131@att.com>
- Date: Mon, 4 Aug 2008 09:51:49 -0700
- To: "Sean Owen" <srowen@google.com>, <public-bpwg-comments@w3.org>
Hi Sean,

I agree with the general wording you propose, with the clarification that the user's "advice" and related "opt out" may be expressed as a preference in various ways. It does not have to be an explicit "do you want to do this at this time" prompt in each case of HTTPS link access, since that may be too burdensome to users (reducing service usage) or actually break some services (e.g. those that depend upon automated HTTP or markup-based redirection).

I had earlier provided comments related to the technical hurdles of HTTPS link re-writing: http://lists.w3.org/Archives/Public/public-bpwg-ct/2008Jul/0017.html

Few of those comments appear to have made it into the document. Nonetheless, the observations are accurate and will need to be addressed by CT Proxy vendors at least, and in deployment policies by CT Proxy Operators. An effective user experience will depend upon avoiding continual prompts.

Best regards,
Bryan Sullivan | AT&T

-----Original Message-----
From: public-bpwg-comments-request@w3.org [mailto:public-bpwg-comments-request@w3.org] On Behalf Of Sean Owen
Sent: Monday, August 04, 2008 9:05 AM
To: public-bpwg-comments@w3.org
Subject: [public-bpwg-comments] <none>

Comments:

4.1.5.5 Since User-Agent has been the topic of some controversy in comments, just wanted to voice support for the recommendation as written here. While it is vital to preserve information about the mobile device, this does not imply that User-Agent cannot be changed if that information is otherwise preserved. Preserving the User-Agent through a transforming proxy is misleading; the request is *not* coming from a mobile device, but through a proxy. The origin server should be aware of this.

Editorial:

4.3.6.2 I think the Note here is a good one, but may be worth expanding, since it is apparently already unclear to some how HTTPS works here.

The very purpose of HTTPS is to ensure that content is not modified or read by third parties in transit, which means a transforming proxy cannot jump into an HTTPS conversation between mobile device and origin server. So there's not actually a question of whether it's illegal or unethical -- it's simply not possible (unless you have cracked SSL). It can only create a secure connection between the mobile device and itself, and between itself and the origin server. This is indeed a situation that the end user needs to understand: I suggest wording along these lines, take it or leave it as you see fit --

URIs which begin with the https scheme, when accessed, are secured against eavesdropping and modification by third parties by the SSL protocol. It is therefore not possible for a third-party transforming proxy to participate directly in such a connection between mobile device and origin server.

Transforming proxies may still transform content of https resources, but at best, it involves creating a separate secure connection between device and proxy, and between proxy and origin server. These communications are secure but the secured content is of course visible to the transforming proxy. This may of course be undesirable to an end user.

Therefore if a proxy rewrites https links, replacement links MUST at least use the https scheme as well, and the proxy MUST use https to communicate with the origin server. In addition the proxy MUST clearly advise the user that the potentially sensitive contents of the communication will be visible to the proxy, and must give the user an option to opt out.
Received on Monday, 4 August 2008 16:52:33 UTC
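
Added example, not part of either message: one way a tester could check the first requirement in the proposed wording, that a rewritten https link still uses the https scheme. The proxy host, the `t?u=` rewrite format and the sample pages are constructed assumptions, as is the premise that the proxy preserves link order; the proxy-to-origin connection and the user notice cannot be checked from markup and are out of scope here.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _LinkCollector(HTMLParser):
    """Collect <a href> and <form action> targets in document order."""

    def __init__(self, base):
        super().__init__()
        self.base, self.urls = base, []

    def handle_starttag(self, tag, attrs):
        wanted = {"a": "href", "form": "action"}.get(tag)
        for name, value in attrs:
            if name == wanted and value:
                # Resolve relative links so they inherit the page's scheme.
                self.urls.append(urljoin(self.base, value))


def links(html, base):
    collector = _LinkCollector(base)
    collector.feed(html)
    collector.close()
    return collector.urls


def downgraded_links(origin_html, origin_base, proxied_html, proxied_base):
    """Return (original, rewritten) pairs where an https link became non-https.

    Assumption: the proxy keeps links in the same order, so they pair up
    positionally; a changed link count makes the pairing meaningless.
    """
    before = links(origin_html, origin_base)
    after = links(proxied_html, proxied_base)
    if len(before) != len(after):
        raise ValueError("link count changed; cannot pair links")
    return [(o, r) for o, r in zip(before, after)
            if urlsplit(o).scheme == "https" and urlsplit(r).scheme != "https"]


# Constructed sample: an origin page and a hypothetical proxy's rewrite of it.
ORIGIN_BASE = "https://bank.example/"
ORIGIN = ('<a href="https://bank.example/login">Log in</a>'
          '<a href="/help">Help</a><a href="http://news.example/">News</a>')
PROXY_BASE = "https://ct-proxy.example/"
PROXIED = ('<a href="http://ct-proxy.example/t?u=https%3A%2F%2Fbank.example%2Flogin">Log in</a>'
           '<a href="/t?u=https%3A%2F%2Fbank.example%2Fhelp">Help</a>'
           '<a href="http://ct-proxy.example/t?u=http%3A%2F%2Fnews.example%2F">News</a>')

if __name__ == "__main__":
    for original, rewritten in downgraded_links(ORIGIN, ORIGIN_BASE, PROXIED, PROXY_BASE):
        print("https link downgraded:", original, "->", rewritten)
```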