Re: Trust and provacy problems with draft-loreto-httpbis-explicitly-auth-proxy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Raphaël,
At 04:28 05-05-2014, Raphaël Durand wrote:
I've just read the draft draft-loreto-httpbis-explicitly-auth-proxy, and I see a lot of trust and privacy problem in this "Explicit auth proxy".
https://datatracker.ietf.org/doc/draft-loreto-httpbis-explicitly-auth-proxy/?include_text=1

In Section 3.1:

  "To help end users understand the reason why the proxy is offered (in
   other words, the benefits of having the proxy in the path)"

Section 6.1 of one of the drafts being referenced has some text about "Living with Interception".

I did not comment about the questions in your message as the authors are better placed to answer them.

"To ensure the trustfulness of proxies, certification authorities validation procedure for issuing proxy certificates should be more rigorous than for issuing normal certificates and may also include technical details and processes relevant for the security assurance."

There was a problem in December 2013 about a certificate which had been "mis-issued".

I could not find any discussion about "pervasive monitoring" in the Security Considerations section. Did the authors consider that?

BYW, I posted a request for feedback at http://www.ietf.org/mail-archive/web/perpass/current/msg01735.html It would help me if you (or anyone else) could comment on the perpass mailing list.

Regards,
S. Moonesamy





[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]