Re: Some proxy needs
"Nicolas Mailhot" <nicolas.mailhot@laposte.net> Sun, 08 April 2012 20:03 UTC
Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 60AE421F84EE for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Sun, 8 Apr 2012 13:03:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.47
X-Spam-Level:
X-Spam-Status: No, score=-10.47 tagged_above=-999 required=5 tests=[AWL=0.129, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xwuwXMPfn2fJ for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Sun, 8 Apr 2012 13:03:41 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) by ietfa.amsl.com (Postfix) with ESMTP id BB24821F84DE for <httpbisa-archive-bis2Juki@lists.ietf.org>; Sun, 8 Apr 2012 13:03:41 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.69) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1SGyJj-00079u-SB for ietf-http-wg-dist@listhub.w3.org; Sun, 08 Apr 2012 20:02:31 +0000
Received: from lisa.w3.org ([128.30.52.41]) by frink.w3.org with esmtp (Exim 4.69) (envelope-from <nicolas.mailhot@laposte.net>) id 1SGyJa-000793-Bd for ietf-http-wg@listhub.w3.org; Sun, 08 Apr 2012 20:02:22 +0000
Received: from smtpout1.laposte.net ([193.253.67.226] helo=smtpout.laposte.net) by lisa.w3.org with esmtp (Exim 4.72) (envelope-from <nicolas.mailhot@laposte.net>) id 1SGyJX-00052g-6F for ietf-http-wg@w3.org; Sun, 08 Apr 2012 20:02:20 +0000
Received: from arekh.dyndns.org ([88.174.226.208]) by mwinf8501-out with ME id vY1s1i0044WQcrc03Y1s7B; Sun, 08 Apr 2012 22:01:53 +0200
Received: from localhost (localhost.localdomain [127.0.0.1]) by arekh.dyndns.org (Postfix) with ESMTP id 866D93283; Sun, 8 Apr 2012 22:01:52 +0200 (CEST)
X-Virus-Scanned: amavisd-new at arekh.dyndns.org
Received: from arekh.dyndns.org ([127.0.0.1]) by localhost (arekh.okg [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xRMw8U9MxUKp; Sun, 8 Apr 2012 22:01:50 +0200 (CEST)
Received: from arekh.dyndns.org (localhost.localdomain [127.0.0.1]) by arekh.dyndns.org (Postfix) with ESMTP; Sun, 8 Apr 2012 22:01:49 +0200 (CEST)
Received: from 192.168.0.4 (SquirrelMail authenticated user nim) by arekh.dyndns.org with HTTP; Sun, 8 Apr 2012 22:01:50 +0200
Message-ID: <4d2620885d1dab5c52de68b1a4aafabd.squirrel@arekh.dyndns.org>
In-Reply-To: <81695.1333888911@critter.freebsd.dk>
References: <81695.1333888911@critter.freebsd.dk>
Date: Sun, 08 Apr 2012 22:01:50 +0200
From: Nicolas Mailhot <nicolas.mailhot@laposte.net>
To: Poul-Henning Kamp <phk@phk.freebsd.dk>
Cc: Nicolas Mailhot <nicolas.mailhot@laposte.net>, ietf-http-wg@w3.org
User-Agent: SquirrelMail/1.4.22-7.fc18
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
Received-SPF: pass client-ip=193.253.67.226; envelope-from=nicolas.mailhot@laposte.net; helo=smtpout.laposte.net
X-W3C-Hub-Spam-Status: No, score=-1.9
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01
X-W3C-Scan-Sig: lisa.w3.org 1SGyJX-00052g-6F 8538463323631363e652d0dcf6d4871e
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Some proxy needs
Archived-At: <http://www.w3.org/mid/4d2620885d1dab5c52de68b1a4aafabd.squirrel@arekh.dyndns.org>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/13405
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
Resent-Message-Id: <E1SGyJj-00079u-SB@frink.w3.org>
Resent-Date: Sun, 08 Apr 2012 20:02:31 +0000
Le Dim 8 avril 2012 14:41, Poul-Henning Kamp a écrit : >>4. A way to inspect most of the client communication for malware. I say most >>because : > > If the site policy is "everything gets inspected", the protocol must support > that, either by allowing inspection, or by preventing the communication. > > It site administrators choose not to, because of sound use of > decretion/legally requiments etc, that is not a relevant factor in > the standardization. Real-world is not black-and-white. A big proxy setup is a compromise between what the security people want (inspect everything for malware) and the user happiness (some privacy). For some kinds of web sites the legal risks of inspecting will outweigh the legal risks of not inspecting (user bank accesses almost certainly fall there). That only reflects the ambivalence of general law on this subject. Any law-abiding operator will try to match law as much as possible. Exceptions that won't be inspected even though the general policy is to inspect will always be a minority because setting up exception lists is administrative hell but the protocols should permit such lists to be put in place. Like Willy wrote previously, a typical proxy setup is a tiered config of general rules, positive exceptions (do it even though the general rules say you should not), and negative exceptions (don't do it anyway). There is no reason choosing to inspect or not encrypted coms won't be handled the same way. Regards, -- Nicolas Mailhot
- Re[2]: Some proxy needs Adrien W. de Croy
- Some proxy needs Nicolas Mailhot
- Re: Some proxy needs Poul-Henning Kamp
- Re: Re[2]: Some proxy needs Nicolas Mailhot
- Re: Re[2]: Some proxy needs Poul-Henning Kamp
- Re: Some proxy needs Nicolas Mailhot
- Re: Re[2]: Some proxy needs Nicolas Mailhot
- Re: Re[2]: Some proxy needs Poul-Henning Kamp
- Re: Re[2]: Some proxy needs Nicolas Mailhot
- Re: Some proxy needs Mark Nottingham
- Re: Some proxy needs Eliot Lear
- Re: Re[2]: Some proxy needs Per Buer
- Re: Re[2]: Some proxy needs Nicolas Mailhot
- Re: Re[2]: Some proxy needs Nicolas Mailhot
- Re: Re[2]: Some proxy needs Per Buer
- Re: Re[2]: Some proxy needs Per Buer
- Re: Some proxy needs Adrien W. de Croy
- Re: Re[2]: Some proxy needs Roberto Peon
- Re: Some proxy needs Anthony Bryan