On May 5, 2014, at 2:28 PM, Raphaël Durand <mail(_at_)raphaeldurand(_dot_)fr>
wrote:
I've just read the draft draft-loreto-httpbis-explicitly-auth-proxy, and I
see a lot of trust and privacy problem in this "Explicit auth proxy".
https://datatracker.ietf.org/doc/draft-loreto-httpbis-explicitly-auth-proxy/?include_text=1
The first problem is in the "opt-out" section (3.3).
First, it has to be "opt-in" not "opt-out" (it's called an "explicit auth
proxy isn't it ?")
Second, in order to be efficent, a proxy have to be a bottleneck, so user
can't get around it.
Hi
I haven’t read the entire draft yet, but proxies don’t have to be the
bottleneck. They are often deployed in conjunction with firewalls, and it is
the firewalls that block connections trying to get around the proxy.
IOW the proxy and firewall don’t have to be co-located.
Yoav