Re: Comments on Explicit/Trusted Proxy

Albert Lunde <atlunde@panix.com> Thu, 02 May 2013 15:18 UTC

To: HTTP Working Group <ietf-http-wg@w3.org>
Archived-At: <http://www.w3.org/mid/5182837D.6040102@panix.com>

On 5/2/2013 9:57 AM, Stephen Farrell wrote:
>
>
> On 05/02/2013 03:53 PM, Peter Lepeska wrote:
>> It's no different than today. If you have a root CA installed on the end user's machine, you can MITM the bank. Under this scheme, there will be some proxies that will elect to not MITM traffic from content providers that explicitly opt-out.
>
> Right. All web servers have to trust all the proxies in the universe.
> Seems like a show-stopper to me.
>
>> In general, adding support for an SSL proxy should not decrease the
>> level of security from MITM attacks that we have today. It just allows
>> well-behaving ones to A) not have to forge certificates, B) remove the
>> problem of transitive trust, and C) make content servers aware and give
>> them the ability to opt-out.
>
> Standardising that would IMO seriously decrease the level of
> security we have.

I'd say it's better to trust a known proxy than to be in the typical 
captive portal situation where the portal in effect forges certificates 
to make you think everything is wonderful.

This is being done widely enough to suggest there is a use case.

What one would like is something that restricts what the proxy can do 
and identifies the proxy in a reliable way.

The other approach that sometimes works is some kind of VPN, but that 
may be out of scope...

-- 
     Albert Lunde  albert-lunde@northwestern.edu
                   atlunde@panix.com  (address for personal mail)