
Most Alarming: IETF Draft Proposes "Trusted Proxy" In HTTP/2.0

Posted by timothy
from the you-have-reached-the-internet-mailbox-of-al-gore dept.
Lauren Weinstein writes "You'd think that with so many concerns these days about whether the likes of AT&T, Verizon, and other telecom companies can be trusted not to turn our data over to third parties whom we haven't authorized, that a plan to formalize a mechanism for ISP and other 'man-in-the-middle' snooping would be laughed off the Net. But apparently the authors of IETF (Internet Engineering Task Force) Internet-Draft 'Explicit Trusted Proxy in HTTP/2.0' (14 Feb 2014) haven't gotten the message. What they propose for the new HTTP/2.0 protocol is nothing short of officially sanctioned snooping."
  • by Anonymous Coward on Sunday February 23, 2014 @11:49AM (#46316023)

    That works for you, me, and maybe a few other people.

    For the billions of people online who don't/can't/won't think about what's actually going on, it doesn't work at all. In effect, all that matters is what Joe Sixpack does, and that's pretty clear. You can manipulate Joe into anything you want, by putting a shiny icon on it and telling him he can watch NFL Cheerleader Tryouts 15 in glorious High Definition.

  • Well for one... (Score:5, Insightful)

    by Junta (36770) on Sunday February 23, 2014 @11:51AM (#46316039)

    Pretty much anyone can submit an IETF RFC if they really want. The existence of a draft does not guarantee a ratified version will exist someday.

    For another, it could be much worse. There is explicit wording at least here about seeking consent from the user and allowing opt-out even in the 'captive' case, as well as notifying the actual webserver of this intermediary, and that the intermediary must use a particular keyusage field meaning that some trusted CA has explicitly approved it (of course, the CA model is pretty horribly ill-suited for internet scale security, but better than nothing). Remember how Nokia confessed they silently and without consent had their mobile browser hijack and proxy https traffic without explicitly telling the user or server? While something like this being formalized wouldn't prevent such a trick, it would be very hard to defend a secretive approach in the face of this sort of standard being in the wild.

    Keep in mind that in a large number of cases in mobile, the carriers are handing people the device including the browser they'll be using. A carrier could do what Nokia admits to in many cases without the user being the wiser and claim the secretive aspect is just a side effect today. If there was a standard clearly laying out that a carrier or mobile manufacturer should behave a certain way, that defense would go away.

    I would always elect the 'opt out' myself, but I'd prefer anything seeking to proxy secure traffic be steered toward doing things on the up and up rather than pretending no one will do it and leaving the door open for ambiguous intentions.
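As an added illustration of the safeguards Junta lists (a CA-approved key usage on the proxy certificate, user consent, and an opt-out), the following Python is example code written for this page, not the draft's text or any commenter's code. Certificates are modelled as plain dataclasses rather than parsed DER, and PROXY_EKU_OID is a made-up placeholder standing in for whatever key-usage value the draft actually assigns; the only real OID used is id-kp-serverAuth. The point of the example is the case ordinary CA validation cannot distinguish: a certificate that chains to a trusted root and carries the right name but a different key, which is the silent, Nokia-style interception the thread contrasts with a declared proxy.

```python
"""Client-side classification of a TLS peer as origin, declared proxy, or
silent interception.  Added example for this discussion, not code from the
IETF draft or any commenter.  Certificates are modelled as dataclasses instead
of parsed DER; PROXY_EKU_OID is a HYPOTHETICAL placeholder, not the draft's value."""
import base64
import hashlib
from dataclasses import dataclass

SERVER_AUTH_OID = "1.3.6.1.5.5.7.3.1"   # id-kp-serverAuth (real OID)
PROXY_EKU_OID = "1.3.6.1.4.1.99999.1"   # hypothetical placeholder for the proxy key usage


@dataclass(frozen=True)
class Cert:
    """Minimal view of a leaf certificate (constructed, not parsed from DER)."""
    subject: str        # DNS name the certificate claims
    issuer: str         # CA that signed it
    spki: bytes         # SubjectPublicKeyInfo bytes (constructed stand-in)
    ekus: tuple = ()    # extendedKeyUsage OIDs


@dataclass(frozen=True)
class ProxyPolicy:
    """What the user has told the client about explicit proxies."""
    consented: bool     # user accepted the proxy's consent prompt
    opted_out: bool     # user exercised the opt-out the draft allows


def spki_pin(cert: Cert) -> str:
    """HPKP-style pin: base64(SHA-256(SPKI))."""
    return base64.b64encode(hashlib.sha256(cert.spki).digest()).decode()


def classify_peer(host: str, leaf: Cert, trusted_cas: set,
                  pins: dict, policy: ProxyPolicy) -> str:
    """Decide what the presented leaf certificate means for this connection.

    Returns one of:
      "untrusted"           - wrong name, or does not chain to a CA we trust
      "trusted-proxy"       - declares itself a proxy via EKU and the user allows it
      "blocked-proxy"       - declares itself a proxy but the user opted out / never consented
      "silent-interception" - CA-valid and right name, but key differs from the pinned origin key
      "origin"              - matches the pinned key (or no pin exists for this host)
    """
    if leaf.issuer not in trusted_cas or leaf.subject != host:
        return "untrusted"
    if PROXY_EKU_OID in leaf.ekus:
        # An explicit proxy: the EKU is how the issuing CA signals its approval.
        if policy.consented and not policy.opted_out:
            return "trusted-proxy"
        return "blocked-proxy"
    pinned = pins.get(host)
    if pinned is not None and spki_pin(leaf) != pinned:
        # Valid chain, right name, wrong key: the interception that plain
        # CA validation accepts; only the pin reveals it.
        return "silent-interception"
    return "origin"


# --- constructed sample data (not real certificates) ----------------------
TRUSTED_CAS = {"Example Root CA"}
ORIGIN = Cert("example.com", "Example Root CA", b"origin-public-key", (SERVER_AUTH_OID,))
DECLARED_PROXY = Cert("example.com", "Example Root CA", b"proxy-public-key",
                      (SERVER_AUTH_OID, PROXY_EKU_OID))
SILENT_PROXY = Cert("example.com", "Example Root CA", b"proxy-public-key", (SERVER_AUTH_OID,))
PINS = {"example.com": spki_pin(ORIGIN)}


def demo() -> dict:
    """Run each scenario and return the verdicts keyed by scenario name."""
    consent = ProxyPolicy(consented=True, opted_out=False)
    opt_out = ProxyPolicy(consented=True, opted_out=True)
    return {
        "origin": classify_peer("example.com", ORIGIN, TRUSTED_CAS, PINS, consent),
        "declared_allowed": classify_peer("example.com", DECLARED_PROXY, TRUSTED_CAS, PINS, consent),
        "declared_opted_out": classify_peer("example.com", DECLARED_PROXY, TRUSTED_CAS, PINS, opt_out),
        "silent": classify_peer("example.com", SILENT_PROXY, TRUSTED_CAS, PINS, consent),
        "untrusted": classify_peer("example.com", Cert("example.com", "Rogue CA", b"x"),
                                   TRUSTED_CAS, PINS, consent),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:20s} -> {verdict}")
```

Note that DECLARED_PROXY and SILENT_PROXY carry the same key and the same trusted issuer; the only things separating "trusted-proxy" from "silent-interception" are the proxy key usage and the user's consent state, which is why the draft's EKU and consent requirements matter, and why a client with no pin for the host would classify the silent case as "origin".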

  • by Anonymous Coward on Sunday February 23, 2014 @04:55PM (#46318013)

    This tech adds to their security end-to-end instead. After all, it allows a user to explicitly define a man-in-the-middle to explicitly trust applications and appliances in the middle to improve their experience.

    I think you need to re-examine your use of the word "security" and "end-to-end".

    This does precisely the opposite of what you said, to achieve the aim you stated.

    "This tech reduces their security end-to-end, to improve their experience" is what it does. I admit, it has the potential to improve their experience, if cached content is more important than secure content. But it can only *reduce* security end-to-end. There is no possibility whatsoever that it could ever maybe slightly increase security. It can only possibly improve their experience, as long as that experience is wholly devoted to page-load-times due to cached content and content compression.

    If their "experience" is ever tainted by things such as, information leak or third party malware injections, then this technology can only ever reduce security, since there is an additional place to target for such things that never existed before.

  • by Anonymous Coward on Sunday February 23, 2014 @06:16PM (#46318565)

    This is also from the *actual* draft:

    7. Privacy Considerations

    Notice how it's empty? The author(s) plainly don't give two hoots about user privacy.
