Re: Comments on Explicit/Trusted Proxy

Yoav Nir <ynir@checkpoint.com> Sun, 05 May 2013 12:06 UTC

From: Yoav Nir <ynir@checkpoint.com>
To: Werner Baumann <werner.baumann@onlinehome.de>
CC: "<ietf-http-wg@w3.org>" <ietf-http-wg@w3.org>
Date: Sun, 5 May 2013 12:04:26 +0000
Archived-At: <http://www.w3.org/mid/260F2479-FF40-40EC-9712-2A22C26BA3BA@checkpoint.com>

Hi, Werner

Feels weird for me to be arguing for the other side, but…

On May 5, 2013, at 11:39 AM, Werner Baumann <werner.baumann@onlinehome.de> wrote:

> An explicit trusted proxy does not meet this definition of wiretapping
> because of condition 1. Whether information is delivered to a third
> party at all depends on the administration of that proxy. End users will
> have to decide whether to trust it or not (which is much more easily done
> than to decide whether to trust some CA or not).

Corporate proxies are installed by the same IT departments that install the corporate laptops. So why bother the user with pesky warning screens and with installing CA certificates / trusted proxy certificates? The corporate laptops come pre-installed with the MitM CA. This will not change if some trusted proxy technology is adopted - the user will still "trust" the proxy without their knowledge.

Ethical IT departments inform their users that this is going on. Certainly in some countries informing the users about this is mandatory. I believe that a trusted proxy scheme is better than the status quo, because browsers *could* display some warning/icon/color in the address bar whenever a proxy is present. However, there is nothing to guarantee that all browser vendors will display such an indication, nor that users would notice if they did.

> All participants in this discussion that argued in favor of explicit
> trusted proxies did it to stop a situation where this is done without
> the end user knowing of the interception. The whole point of these
> proposals is to make the user aware of the proxy and to allow the user
> to either agree or deny.

If you bring your own device, the proxy is visible right now. If you use your employer's device, they are in full control of whether you are or aren't aware.

Yoav

> Start of not trying to insult section:
> Repeating the mantra "Don't open TLS to MITM attacks" is bogus in face
> of the well known fact that TLS is susceptible to MITM attacks
> (mostly due to not trustworthy CAs) and that this weakness is already
> widely exploited.