Re: Trust and provacy problems with draft-loreto-httpbis-explicitly-auth-proxy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


On May 5, 2014, at 2:28 PM, Raphaël Durand <mail@xxxxxxxxxxxxxxxx> wrote:

I've just read the draft draft-loreto-httpbis-explicitly-auth-proxy, and I see a lot of trust and privacy problem in this "Explicit auth proxy".
https://datatracker.ietf.org/doc/draft-loreto-httpbis-explicitly-auth-proxy/?include_text=1

The first problem is in the "opt-out" section (3.3).
First, it has to be "opt-in" not "opt-out" (it's called an "explicit auth proxy isn't it ?")
Second, in order to be efficent, a proxy have to be a bottleneck, so user can't get around it.

Hi

I haven’t read the entire draft yet, but proxies don’t have to be the bottleneck. They are often deployed in conjunction with firewalls, and it is the firewalls that block connections trying to get around the proxy. 

IOW the proxy and firewall don’t have to be co-located.

Yoav


[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]