Re: The future of forward proxy servers in an http/2 over TLS world

Patrick McManus <mcmanus@ducksong.com> Wed, 15 February 2017 20:11 UTC

In-Reply-To: <embaebd293-2d9d-4e45-9048-2763e892ceb0@bodybag>
References: <emde1bfa93-84c0-49f7-83a4-b9bed24e0276@bodybag> <20170215193126.C090E1F063@welho-filter1.welho.com> <embaebd293-2d9d-4e45-9048-2763e892ceb0@bodybag>
From: Patrick McManus <mcmanus@ducksong.com>
Date: Wed, 15 Feb 2017 15:08:16 -0500
Message-ID: <CAOdDvNpR5i4xu9viAXD2ioG5W096xAHz4EHzByQL8ZN4FO-sTg@mail.gmail.com>
To: Adrien de Croy <adrien@qbik.com>
Cc: Kari Hurtta <hurtta-ietf@elmme-mailer.org>, HTTP working group mailing list <ietf-http-wg@w3.org>
Subject: Re: The future of forward proxy servers in an http/2 over TLS world
Archived-At: <http://www.w3.org/mid/CAOdDvNpR5i4xu9viAXD2ioG5W096xAHz4EHzByQL8ZN4FO-sTg@mail.gmail.com>
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/33528
List-Id: <ietf-http-wg.w3.org>

There is no Firefox support for that right now. It would require a
convincing UI and probably interest from another client to proceed with.
The concern is obviously some kind of phish mitm any time you are asked to
display https and you display anything not authenticated by that origin.


On Wed, Feb 15, 2017 at 3:02 PM, Adrien de Croy <adrien@qbik.com> wrote:

>
> Thanks for that
>
> looks like I already knew about it lol.
>
> Do we have any idea about whether this has browser support, I assume FF so
> far only?
>
> Adrien
>
>
> ------ Original Message ------
> From: "Kari Hurtta" <hurtta-ietf@elmme-mailer.org>
> To: "Adrien de Croy" <adrien@qbik.com>
> Cc: "HTTP working group mailing list" <ietf-http-wg@w3.org>; "Kari
> Hurtta" <hurtta-ietf@elmme-mailer.org>
> Sent: 16/02/2017 8:31:25 AM
> Subject: Re: The future of forward proxy servers in an http/2 over TLS
> world
>
>>> This means we have a need to be able to respond to CONNECT with a
>>> denial, and some kind of message that can be displayed to the user.
>>>
>>
>> Maybe
>>
>> https://tools.ietf.org/id/draft-nottingham-proxy-explanation-00.txt
>>
>>
>> https://lists.w3.org/Archives/Public/ietf-http-wg/2016JulSep/0390.html
>>
>> https://bugzilla.mozilla.org/show_bug.cgi?id=637619#c31
>>
>> https://lists.w3.org/Archives/Public/ietf-http-wg/2016JulSep/0419.html
>>
>> / Kari Hurtta
>>
>>
>
>
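The concern raised in the reply above, that a proxy's CONNECT denial must not put proxy-supplied content in front of the user as though the https origin had sent it, can be illustrated from the client side. The following is an added example, not code from this thread, from Firefox, or from the cited draft: it parses a proxy's reply to CONNECT, treats a 2xx as an established tunnel (ignoring any body-framing headers, as RFC 7231 §4.3.6 requires), and on any other status surfaces only the status line plus, when the proxy sent `text/plain`, a sanitized plain-text message attributed to the proxy. The `ConnectResult` layout, the plain-text-only rule, the length cap and the sample responses are this example's own assumptions.

```python
"""Client-side handling of a proxy's reply to CONNECT (added example).

Design rule demonstrated: proxy-supplied content is never rendered in the
origin's security context. HTML or anything other than text/plain from the
proxy is dropped; the user sees at most the status, the reason phrase and a
sanitized plain-text note clearly attributed to the proxy.
"""
from dataclasses import dataclass
from typing import Optional

MAX_MESSAGE_CHARS = 512  # assumption: cap on what the UI will show


@dataclass
class ConnectResult:
    tunnel_established: bool
    status: int
    reason: str
    # Text the client may show, attributed to the proxy; never origin content.
    proxy_message: Optional[str]


def _parse_response(raw: bytes):
    """Split a raw HTTP/1.1 response into (status, reason, headers, body)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete response head")
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("malformed status line: %r" % lines[0])
    status = int(parts[1])
    reason = parts[2] if len(parts) == 3 else ""
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, reason, headers, body


def _sanitize(text: str) -> str:
    """Keep printable characters and newlines only, then cap the length."""
    cleaned = "".join(ch for ch in text if ch.isprintable() or ch == "\n")
    return cleaned.strip()[:MAX_MESSAGE_CHARS]


def handle_connect_response(raw: bytes) -> ConnectResult:
    status, reason, headers, body = _parse_response(raw)

    if 200 <= status < 300:
        # RFC 7231 §4.3.6: the client MUST ignore Content-Length and
        # Transfer-Encoding on a 2xx CONNECT response. Bytes after the head
        # are tunnel payload, not a message from the proxy, so nothing is shown.
        return ConnectResult(True, status, reason, None)

    proxy_message = None
    content_type = headers.get("content-type", "").split(";", 1)[0].strip().lower()
    if content_type == "text/plain":
        length = headers.get("content-length")
        if length is not None and length.isdigit():
            body = body[: int(length)]
        proxy_message = _sanitize(body.decode("utf-8", errors="replace")) or None
    # Any other media type (HTML, scripts, redirect pages) is deliberately
    # discarded: the UI shows only status and reason, labelled as the proxy's.
    return ConnectResult(False, status, reason, proxy_message)


# Constructed sample responses (not captured from any real proxy).
DENIED_PLAIN = (
    b"HTTP/1.1 403 Forbidden\r\n"
    b"Content-Type: text/plain; charset=utf-8\r\n"
    b"Content-Length: 36\r\n\r\n"
    b"Blocked by policy: category gambling"
)
DENIED_HTML = (
    b"HTTP/1.1 403 Forbidden\r\n"
    b"Content-Type: text/html\r\n\r\n"
    b"<html><body><h1>Blocked</h1></body></html>"
)
TUNNEL_OK = (
    b"HTTP/1.1 200 Connection Established\r\n"
    b"Content-Length: 5\r\n\r\n"
    b"\x16\x03\x03\x00\x05"  # first tunneled bytes, not a response body
)

if __name__ == "__main__":
    for sample in (DENIED_PLAIN, DENIED_HTML, TUNNEL_OK):
        print(handle_connect_response(sample))
```

The restrictive media-type rule is the point: a browser that displayed the HTML denial page would be showing unauthenticated content under an https URL, which is exactly the phishing and MITM worry voiced in the thread. Reducing the proxy's explanation to capped, sanitized plain text keeps it distinguishable from anything the origin could have served.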