Re: The future of forward proxy servers in an http/2 over TLS world

Francesco Chemolli <kinkie@squid-cache.org> Fri, 17 February 2017 13:04 UTC

> On 17 Feb 2017, at 12:14, nicolas.mailhot@laposte.net wrote:
> 
> So there *is* blocking at the gateway level, there *will* *be* blocking at the gateway level, the question is not whether this blocking should exist or not, but if the user experience can be made less miserable than it is today [...]

..Following up with 10 minutes of open stage enthusiastic standing ovation.

I support this description of the state of things, and the conclusion.
Let's remember that there's not only browsers: HTTP is taking over the role of transport for most remaining holdouts of other mechanisms for server-to-server inter-organisation message passing. In this use-case the user interface is obviously much less of an issue (if at all), but the use-case for a centralised HTTP L7 forward control point is very much there.

I've had several conversations with UA contributors over this, and from what I recall everyone agrees that the presentation side of things is the most critical aspect; I hope this thread will renew interest in finding a solution, ideally shared so as to give end-users the least surprise.

	Francesco Chemolli (kinkie)
	Squid