Re: new version trusted-proxy20 draft

Thomas Fossati <TFossati@velocix.com> Wed, 19 February 2014 16:30 UTC

From: Thomas Fossati <TFossati@velocix.com>
To: Peter Lepeska <bizzbyster@gmail.com>, "William Chan (陈智昌)" <willchan@chromium.org>
CC: Paul Hoffman <paul.hoffman@gmail.com>, Patrick McManus <pmcmanus@mozilla.com>, Salvatore Loreto <salvatore.loreto@ericsson.com>, HTTP Working Group <ietf-http-wg@w3.org>, "draft-loreto-httpbis-trusted-proxy20@tools.ietf.org" <draft-loreto-httpbis-trusted-proxy20@tools.ietf.org>, GUS BOURG <gb3635@att.com>
Date: Wed, 19 Feb 2014 16:27:33 +0000
Message-ID: <DA86AAEF6E448540808AFA696EA47E5A71FE44E0@EXB01-MLT.corp.velocix.com>
References: <20140214184207.27936.53657.idtracker@ietfa.amsl.com> <449272CA-71CB-4D7D-B431-A42140346B27@ericsson.com> <CAOdDvNrV29awDh07ELasMQW8LsVgELLnRUKQG155JqoYpoJBbQ@mail.gmail.com> <ADDC3F82-3CE3-48C9-8765-7956DB4AF5EF@ericsson.com> <CAOdDvNrfHDdvwEMRdzMjuedN2OpCnwSyxeERVe-p6y9e-o6Wow@mail.gmail.com> <31144FD3-F1B4-497E-9D8E-DC3A3F5C4F8C@ericsson.com> <CAOdDvNrp6AsnnMAqbxT5Bs+agNTeadsZw+2gMsjUXPVvnpBDdg@mail.gmail.com> <CAA4WUYgBZ5US4p=cXYMSR7dz3jCMfz29=1eWp7HGuUphxZQOHw@mail.gmail.com> <CAPik8yZpWyHSa49jpYG3mMMPwYeWvgd6PB6NW65Kj3qTkU8CGQ@mail.gmail.com> <CAA4WUYjpOBXJpm_AkN9rwXkT6YyNFEKf6r+pFChnz+t33NSuhw@mail.gmail.com> <CANmPAYEgC8TdfxpXzg9DkdqYCVxDkf=RRfYtx+wC=zqVUNVv-Q@mail.gmail.com>
In-Reply-To: <CANmPAYEgC8TdfxpXzg9DkdqYCVxDkf=RRfYtx+wC=zqVUNVv-Q@mail.gmail.com>
Subject: Re: new version trusted-proxy20 draft
Archived-At: <http://www.w3.org/mid/DA86AAEF6E448540808AFA696EA47E5A71FE44E0@EXB01-MLT.corp.velocix.com>

On 19/02/2014 15:30, "Peter Lepeska" <bizzbyster@gmail.com> wrote:
Salvatore's draft has some really good ideas but it does not attempt to address #2 above, which most agreed was the sticking point on trusted proxy, which we distinguish from "secure proxy" by the fact that a trusted proxy can see https-schemed traffic in plaintext.

Actually, it looks like the extended key usage bit in the proxy certificate (http://tools.ietf.org/html/draft-loreto-httpbis-trusted-proxy20-01#section-3.1) would be a handy hook to customise the UX for this use case.
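As an added illustration of the hook Thomas mentions (not code from the draft, the mailing list or any browser), the snippet below shows how a client could key its behaviour off an extended key usage value in the proxy's certificate. The OID used here is an assumed placeholder in the private-enterprise arc; the draft's actual EKU value is not reproduced, and a real client would substitute whatever the specification assigns. The security-relevant detail is that only an explicit EKU match qualifies a certificate as a trusted proxy: a certificate with no EKU extension at all is treated as an ordinary server certificate, because "no EKU" conventionally means "any usage" and would otherwise let any server certificate silently qualify as a plaintext-reading proxy.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

// ProxyEKU is an ASSUMED placeholder OID (private-enterprise arc) standing in
// for the trusted-proxy extended key usage; the draft's real value is not used.
var ProxyEKU = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 99999, 1}

// ProxyMode is the behaviour/UX branch a client selects after inspecting the
// certificate presented by the proxy.
type ProxyMode int

const (
	// NotAProxy: no explicit proxy EKU; treat as an ordinary TLS server and
	// never expose https-schemed traffic to it in plaintext.
	NotAProxy ProxyMode = iota
	// TrustedProxy: certificate explicitly asserts the proxy EKU; the client
	// may show its trusted-proxy consent UX.
	TrustedProxy
)

// classifyProxyCert returns TrustedProxy only when the leaf certificate carries
// the proxy EKU as an explicit value. Absence of the EKU extension (which means
// "any usage" in ordinary X.509 validation) deliberately does NOT qualify.
func classifyProxyCert(cert *x509.Certificate) ProxyMode {
	for _, oid := range cert.UnknownExtKeyUsage {
		if oid.Equal(ProxyEKU) {
			return TrustedProxy
		}
	}
	return NotAProxy
}

// selfSignedCert builds a throwaway self-signed certificate (constructed test
// input), optionally asserting the placeholder proxy EKU, so the check can be
// exercised offline without any real CA.
func selfSignedCert(cn string, withProxyEKU bool) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	if withProxyEKU {
		// Go serialises unknown EKU OIDs alongside the well-known ones.
		tmpl.UnknownExtKeyUsage = []asn1.ObjectIdentifier{ProxyEKU}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	for _, tc := range []struct {
		cn      string
		withEKU bool
	}{{"proxy.example", true}, {"www.example", false}} {
		cert, err := selfSignedCert(tc.cn, tc.withEKU)
		if err != nil {
			panic(err)
		}
		fmt.Printf("%s -> mode %d\n", tc.cn, classifyProxyCert(cert))
	}
}
```

The classification only answers "does this certificate claim the proxy role"; the client must still run normal chain validation against its trust store first, since an attacker who can get any certificate accepted could just as easily add the EKU to it.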