- From: Diego R. Lopez <diego@tid.es>
- Date: Tue, 17 Jun 2014 00:55:24 +0000
- To: Mark Nottingham <mnot@mnot.net>
- Cc: Salvatore Loreto <salvatore.loreto@ericsson.com>, Martin Nilsson <nilsson@opera.com>, "<ietf-http-wg@w3.org>" <ietf-http-wg@w3.org>
On 16 Jun 2014, at 13:54 , Mark Nottingham <mnot@mnot.net> wrote:

>> The mechanism we are proposing is just a way for the Proxy to manifest itself to ask for consent the end user and consequently the browser
>> and then in the case the end user provides the consent for the proxy to stay in between,
>
> Right, but as Stephen has pointed out separately, doing so has a huge potential effect on the TLS ecosystem.
>
> Also, how will this work with existing browsers who aren't aware of your cert extensions?

As far as I can tell Stephen's objections were about a proxy acting as intermediary in a connection using HTTPS, where end-to-end peer authentication takes place. The draft deals with opportunistic TLS, and in this respect the explicit user consent proposed there is an advance with respect to what could become a common practice of putting an intermediary the user is completely oblivious to. This can always be done when opportunistic encryption is intended, and proposals like draft-ietf-httpbis-http2-encryption do acknowledge they can only try to mitigate such behaviors.

Be goode,

--
"This time we will not fail, Doctor Infierno"

Dr Diego R. Lopez
Telefonica I+D
http://people.tid.es/diego.lopez/

e-mail: diego@tid.es
Tel: +34 913 129 041
Mobile: +34 682 051 091
Received on Tuesday, 17 June 2014 00:55:41 UTC