Re: Trust and privacy problems with draft-loreto-httpbis-explicitly-auth-proxy

S Moonesamy <sm+ietf@elandsys.com> Mon, 05 May 2014 17:24 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/16cF-8eKYYNe8UwqRZ_VvpYdxF4

Hi Raphaël,
At 04:28 05-05-2014, Raphaël Durand wrote:
>I've just read the draft draft-loreto-httpbis-explicitly-auth-proxy, and
>I see a lot of trust and privacy problems in this "Explicit auth proxy".
>https://datatracker.ietf.org/doc/draft-loreto-httpbis-explicitly-auth-proxy/?include_text=1

In Section 3.1:

   "To help end users understand the reason why the proxy is offered (in
    other words, the benefits of having the proxy in the path)"

Section 6.1 of one of the drafts being referenced 
has some text about "Living with Interception".

I did not comment about the questions in your 
message as the authors are better placed to answer them.

>"To ensure the trustfulness of proxies, 
>certification authorities validation procedure 
>for issuing proxy certificates should be more 
>rigorous than for issuing normal certificates 
>and may also include technical details and 
>processes relevant for the security assurance."

There was a problem in December 2013 about a 
certificate which had been "mis-issued".

I could not find any discussion about "pervasive 
monitoring" in the Security Considerations 
section.  Did the authors consider that?

BTW, I posted a request for feedback at
http://www.ietf.org/mail-archive/web/perpass/current/msg01735.html
It would help me if you (or anyone else) could
comment on the perpass mailing list.

Regards,
S. Moonesamy