- From: Henry Story <henry.story@bblfish.net>
- Date: Tue, 8 Mar 2011 20:57:00 +0100
- To: peter williams <home_pw@msn.com>
- Cc: "'Yngve Nysaeter Pettersen'" <yngve@opera.com>, <public-xg-webid@w3.org>
On 8 Mar 2011, at 20:37, peter williams wrote: > So, the trick to SSL MITMing is to stop thinking that the SSL MITM > properties (setup for document retrieval) have to make life difficult for > client authn. There CAN be multiple sessions, distinguished by function. One > can be intermediated, one note. One can hope EV solves the "intermediated" > issues, for the document retrieval function. One can hope that firewall > vendors (and society) can be persuade of the logic of not interfering with > those sessions aiming at user-authn to public sites. yes, this is an interesting idea to add to ISSUE-28: How does the WebID protocol interact with TLS proxies & firewalls The other trick was the Proxy Certificates we discussed last week I think. http://www.ietf.org/rfc/rfc3820.txt And there is also the option of thinking of the firewall as being your larger Operating system. Your computer is a small process in the company computer, and you are an agent in that larger space. If that is a correct way to describe your situation then it's perfectly ok if the larger OS controls your CA list, and and controls your WebID. Someone could put this altogether and write up a page on the wiki to detail these options. Henry Social Web Architect http://bblfish.net/
Received on Tuesday, 8 March 2011 19:57:36 UTC