Hi Raphaël,
At 04:28 05-05-2014, Raphaël Durand wrote:
I've just read the draft
draft-loreto-httpbis-explicitly-auth-proxy, and
I see a lot of trust and privacy problems in this "Explicit auth proxy".
https://datatracker.ietf.org/doc/draft-loreto-httpbis-explicitly-auth-proxy/?include_text=1
In Section 3.1:
"To help end users understand the reason why the proxy is offered (in
other words, the benefits of having the proxy in the path)"
Section 6.1 of one of the drafts being referenced
has some text about "Living with Interception".
I did not comment about the questions in your
message as the authors are better placed to answer them.
"To ensure the trustfulness of proxies,
certification authorities validation procedure
for issuing proxy certificates should be more
rigorous than for issuing normal certificates
and may also include technical details and
processes relevant for the security assurance."
There was a problem in December 2013 about a
certificate which had been "mis-issued".
I could not find any discussion about "pervasive
monitoring" in the Security Considerations
section. Did the authors consider that?
BTW, I posted a request for feedback at
http://www.ietf.org/mail-archive/web/perpass/current/msg01735.html
It would help me if you (or anyone else) could
comment on the perpass mailing list.
Regards,
S. Moonesamy