new version trusted-proxy20 draft
Salvatore Loreto <salvatore.loreto@ericsson.com> Fri, 14 February 2014 18:59 UTC
Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E1D001A02F2 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 14 Feb 2014 10:59:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.449
X-Spam-Level:
X-Spam-Status: No, score=-7.449 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.548, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bOooXs2IGiU9 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 14 Feb 2014 10:59:05 -0800 (PST)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) by ietfa.amsl.com (Postfix) with ESMTP id A10E81A0278 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Fri, 14 Feb 2014 10:59:04 -0800 (PST)
Received: from lists by frink.w3.org with local (Exim 4.72) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1WENx0-0005fO-Vd for ietf-http-wg-dist@listhub.w3.org; Fri, 14 Feb 2014 18:57:27 +0000
Resent-Date: Fri, 14 Feb 2014 18:57:26 +0000
Resent-Message-Id: <E1WENx0-0005fO-Vd@frink.w3.org>
Received: from lisa.w3.org ([128.30.52.41]) by frink.w3.org with esmtp (Exim 4.72) (envelope-from <salvatore.loreto@ericsson.com>) id 1WENwq-0005bM-PW for ietf-http-wg@listhub.w3.org; Fri, 14 Feb 2014 18:57:16 +0000
Received: from mailgw1.ericsson.se ([193.180.251.45]) by lisa.w3.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.72) (envelope-from <salvatore.loreto@ericsson.com>) id 1WENwn-0002ua-M1 for ietf-http-wg@w3.org; Fri, 14 Feb 2014 18:57:16 +0000
X-AuditID: c1b4fb2d-b7f5d8e000002a7b-b9-52fe66f30798
Received: from ESESSHC008.ericsson.se (Unknown_Domain [153.88.183.42]) by mailgw1.ericsson.se (Symantec Mail Security) with SMTP id 84.67.10875.3F66EF25; Fri, 14 Feb 2014 19:56:51 +0100 (CET)
Received: from ESESSMB109.ericsson.se ([169.254.9.236]) by ESESSHC008.ericsson.se ([153.88.183.42]) with mapi id 14.02.0387.000; Fri, 14 Feb 2014 19:56:15 +0100
From: Salvatore Loreto <salvatore.loreto@ericsson.com>
To: HTTP Working Group <ietf-http-wg@w3.org>
CC: "draft-loreto-httpbis-trusted-proxy20@tools.ietf.org" <draft-loreto-httpbis-trusted-proxy20@tools.ietf.org>
Thread-Topic: new version trusted-proxy20 draft
Thread-Index: AQHPKbZvMgDBE/GT0EeSmbMJUq1iHw==
Date: Fri, 14 Feb 2014 18:56:14 +0000
Message-ID: <449272CA-71CB-4D7D-B431-A42140346B27@ericsson.com>
References: <20140214184207.27936.53657.idtracker@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [153.88.183.149]
Content-Type: multipart/alternative; boundary="_000_449272CA71CB4D7DB431A42140346B27ericssoncom_"
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFnrMLMWRmVeSWpSXmKPExsUyM2K7lu7ntH9BBoveC1m8PXGJyeJwyywm ByaPL5c/s3kcnbefNYApissmJTUnsyy1SN8ugStj0/5ZzAWbjSrm/P3O2sC4XquLkZNDQsBE YubBhYwQtpjEhXvr2boYuTiEBA4ySjy52cgE4SxhlPg2bTILSBWbgJnE84dbmEFsEQEdiY6W xUBFHBzMAoUS06fzg4SFBbQkLnW8Z4Qo0Zd433IVytaT+LjjCTuIzSKgKvFvDUQNr4C9xK2p /8FsIQFHifM/28FWMQId9P3UGiYQm1lAXOLWk/lMEIcKSCzZc54ZwhaVePn4HyuErSSx9vB2 Foj6ZImn/edYIOYLSpyc+YRlAqPILCSjZiEpm4WkDCKuI7Fg9yc2CFtbYtnC18ww9pkDj4F6 QT62lphxQAtZyQJGjlWM7LmJmTnp5YabGIERdXDLb90djKfOiRxilOZgURLn/fDWOUhIID2x JDU7NbUgtSi+qDQntfgQIxMHp1QDY4nez85lZfuPHt+6pURVVXuW6NSAq433NH65HDR64CPY u1Nq7ZZZqz9tu5Tj/oXFcS9/lBcTy+us1g9Tt3RMeH0g/rleQTRbr1PdnsIKt14PR9Ggr6U6 f7dnh/6vumNgtUXtSrCNXlLapyWdTO/LZDgTm7uWO2jHc9hdSWvbkhK04ub94om8SizFGYmG WsxFxYkAIUVE13YCAAA=
Received-SPF: pass client-ip=193.180.251.45; envelope-from=salvatore.loreto@ericsson.com; helo=mailgw1.ericsson.se
X-W3C-Hub-Spam-Status: No, score=-4.0
X-W3C-Hub-Spam-Report: AWL=-1.714, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001
X-W3C-Scan-Sig: lisa.w3.org 1WENwn-0002ua-M1 83e794fbe7986ff4af90307997c99124
X-Original-To: ietf-http-wg@w3.org
Subject: new version trusted-proxy20 draft
Archived-At: <http://www.w3.org/mid/449272CA-71CB-4D7D-B431-A42140346B27@ericsson.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/22233
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
dear wg we have submitted a new version of the "Explicit Trusted Proxy in HTTP/2.0" draft I want to highlight that the only change asked by this draft in order to support an Explicit Trusted Proxy is the definition of a new ALPN protocol id value as you can read in the Abstract below. No other changes to HTTP2 spec neither to the TLS protocol are required. Abstract: The purpose of this Internet Draft is to continue the discussion on explicit and trusted proxy as intermediary of HTTP2 traffic. The httpbis wg has agreed on the HTTP2 usage with HTTP URIs, with or without TLS, without any constraints from the standard (see: issue 314). To distinguish between an HTTP2 connection meant to transport "https" URIs resources and an HTTP2 connection meant to transport "http" URIs resource, the draft proposes to register a new value in the Application Layer Protocol negotiation (ALPN) Protocol IDs registry specific to signal the usage of HTTP2 to transport "http" URIs resources: h2clr. This document describes two alternative methods for an user-agent to automatically discover and for an user to provide consent for a Trusted Proxy to be securely involved when he or she is requesting an HTTP URI resource over HTTP2 with TLS. Section 3.1 proposes a solution based on sending a proxy certificate in the TLS handshake. Section 3.2 proposes a solution based on the presence of a Captive Proxy. The consent is supposed to be per network access. The draft also describes the role of the Trusted Proxy in helping the user to fetch HTTP URIs resource when the user has provided consent to the Trusted Proxy to be involved. URL: http://www.ietf.org/internet-drafts/draft-loreto-httpbis-trusted-proxy20-01.txt Status: https://datatracker.ietf.org/doc/draft-loreto-httpbis-trusted-proxy20/ Htmlized: http://tools.ietf.org/html/draft-loreto-httpbis-trusted-proxy20-01 Diff: http://www.ietf.org/rfcdiff?url2=draft-loreto-httpbis-trusted-proxy20-01 Comments, suggestion and feedback are really welcome best regards Salatore
- new version trusted-proxy20 draft Salvatore Loreto
- Re: new version trusted-proxy20 draft Patrick McManus
- Re: new version trusted-proxy20 draft Thomas Fossati
- Re: new version trusted-proxy20 draft Thomas Fossati
- Re: new version trusted-proxy20 draft Paul Hoffman
- Re: new version trusted-proxy20 draft Salvatore Loreto
- Re: new version trusted-proxy20 draft Salvatore Loreto
- Re: new version trusted-proxy20 draft Patrick McManus
- Re: new version trusted-proxy20 draft Nicolas Mailhot
- Re: new version trusted-proxy20 draft Salvatore Loreto
- Re: new version trusted-proxy20 draft Salvatore Loreto
- Re: new version trusted-proxy20 draft Fabian Keil
- Re: new version trusted-proxy20 draft Salvatore Loreto
- Re: new version trusted-proxy20 draft Patrick McManus
- Re: new version trusted-proxy20 draft Paul Hoffman
- Re: new version trusted-proxy20 draft Salvatore Loreto
- Re: new version trusted-proxy20 draft William Chan (陈智昌)
- Re: new version trusted-proxy20 draft Paul Hoffman
- Re: new version trusted-proxy20 draft Paul Hoffman
- Re: new version trusted-proxy20 draft William Chan (陈智昌)
- Re: new version trusted-proxy20 draft Salvatore Loreto
- Re: new version trusted-proxy20 draft Thomas Fossati
- Re: new version trusted-proxy20 draft Thomas Fossati
- Re: new version trusted-proxy20 draft William Chan (陈智昌)
- Re: new version trusted-proxy20 draft Nicolas Mailhot
- Re: new version trusted-proxy20 draft Nicolas Mailhot
- Re: new version trusted-proxy20 draft Fabian Keil
- Re: new version trusted-proxy20 draft Amos Jeffries
- Re: new version trusted-proxy20 draft Peter Lepeska
- Re: new version trusted-proxy20 draft Paul Hoffman
- Re: new version trusted-proxy20 draft Thomas Fossati
- Re: new version trusted-proxy20 draft Patrick McManus
- Re: new version trusted-proxy20 draft Patrick McManus
- Re: new version trusted-proxy20 draft William Chan (陈智昌)
- Re: new version trusted-proxy20 draft William Chan (陈智昌)
- Re: new version trusted-proxy20 draft William Chan (陈智昌)
- Re: new version trusted-proxy20 draft William Chan (陈智昌)
- Re: new version trusted-proxy20 draft Salvatore Loreto
- Re: new version trusted-proxy20 draft Salvatore Loreto
- Re: new version trusted-proxy20 draft Salvatore Loreto
- Re: new version trusted-proxy20 draft Salvatore Loreto
- Re: new version trusted-proxy20 draft Thomas Fossati
- Re: new version trusted-proxy20 draft William Chan (陈智昌)
- Re: new version trusted-proxy20 draft William Chan (陈智昌)
- RE: new version trusted-proxy20 draft Liliana Dinale
- Re: new version trusted-proxy20 draft Roland Zink
- Re: new version trusted-proxy20 draft Patrick McManus
- Re: new version trusted-proxy20 draft Ilari Liusvaara
- "Secure" proxies for HTTP URIs [was: new version … Mark Nottingham
- Re: "Secure" proxies for HTTP URIs [was: new vers… William Chan (陈智昌)
- Re: "Secure" proxies for HTTP URIs [was: new vers… Mark Nottingham
- Re: "Secure" proxies for HTTP URIs [was: new vers… William Chan (陈智昌)
- Re: new version trusted-proxy20 draft Ilari Liusvaara
- Re: new version trusted-proxy20 draft Mikael Abrahamsson
- Re: "Secure" proxies for HTTP URIs [was: new vers… Amos Jeffries
- Re: "Secure" proxies for HTTP URIs [was: new vers… Salvatore Loreto
- Re: "Secure" proxies for HTTP URIs [was: new vers… Nicolas Mailhot
- Re: "Secure" proxies for HTTP URIs [was: new vers… Nicolas Mailhot
- Re: new version trusted-proxy20 draft Salvatore Loreto
- Re: new version trusted-proxy20 draft Mikael Abrahamsson
- Re: new version trusted-proxy20 draft Ilari Liusvaara
- Re: new version trusted-proxy20 draft Salvatore Loreto
- Re: "Secure" proxies for HTTP URIs [was: new vers… Patrick McManus
- Re: new version trusted-proxy20 draft Nicolas Mailhot
- Re: "Secure" proxies for HTTP URIs [was: new vers… Salvatore Loreto
- Re: new version trusted-proxy20 draft Bjoern Hoehrmann
- Re: new version trusted-proxy20 draft Salvatore Loreto
- Re: new version trusted-proxy20 draft William Chan (陈智昌)
- Re: new version trusted-proxy20 draft Salvatore Loreto
- Re: new version trusted-proxy20 draft William Chan (陈智昌)
- Re: new version trusted-proxy20 draft Paul Ferguson
- Re: "Secure" proxies for HTTP URIs [was: new vers… James Cloos
- Re: "Secure" proxies for HTTP URIs [was: new vers… Nicolas Mailhot
- Re: new version trusted-proxy20 draft Roland Zink
- Re: new version trusted-proxy20 draft Ryan Hamilton
- Re: new version trusted-proxy20 draft Peter Lepeska
- Re: new version trusted-proxy20 draft Jeff Pinner
- Re: "Secure" proxies for HTTP URIs [was: new vers… Amos Jeffries
- Re: new version trusted-proxy20 draft Peter Lepeska
- Re: "Secure" proxies for HTTP URIs [was: new vers… Peter Lepeska
- Re: "Secure" proxies for HTTP URIs [was: new vers… William Chan (陈智昌)
- Re: new version trusted-proxy20 draft William Chan (陈智昌)
- Re: new version trusted-proxy20 draft William Chan (陈智昌)
- Re: new version trusted-proxy20 draft Peter Lepeska
- Re: new version trusted-proxy20 draft William Chan (陈智昌)
- Re: "Secure" proxies for HTTP URIs [was: new vers… Peter Lepeska
- Re: "Secure" proxies for HTTP URIs [was: new vers… Amos Jeffries
- Re: "Secure" proxies for HTTP URIs [was: new vers… Peter Lepeska
- Re: new version trusted-proxy20 draft Amos Jeffries
- Secure Proxy definition [was: "Secure" proxies fo… Salvatore Loreto
- Re: Secure Proxy definition [was: "Secure" proxie… Peter Lepeska
- Re: "Secure" proxies for HTTP URIs [was: new vers… Amos Jeffries
- RE: Secure Proxy definition [was: "Secure" proxie… emile.stephan
- RE: Secure Proxy definition [was: "Secure" proxie… DRUTA, DAN
- RE: Secure Proxy definition [was: "Secure" proxie… Nicolas Mailhot
- Re: "Secure" proxies for HTTP URIs [was: new vers… Peter Lepeska
- Re: "Secure" proxies for HTTP URIs [was: new vers… Nicolas Mailhot
- Re: "Secure" proxies for HTTP URIs [was: new vers… Roland Zink