Trusted Proxy User Interface Proposal


Peter Lepeska (@bizzbyster)

Assumption #1


The browser implements a new partition in its certificate database for trusted proxy certificates. When talking to in-path intermediaries that present one of these certificates, the browser has the behavior shown. Protocol details are not specified but have elements of the McGrew proposal.

Assumption #2


Importing trusted proxy certificate files is identical to importing root certificates. Enabling trusted proxy functionality in the browser therefore creates no vulnerabilities to MITM attacks beyond those already present in mainstream browsers.

Existing versus trusted proxy import

The proposed trusted proxy dialog on the right informs the user that the proxy can decrypt and alter traffic.

User notification and opt-out

The address bar shows the logo of the trusted proxy entity to the left of the lock.

No thank you

The above displays if the user decides to opt out of trusting the proxy in the previous screen.

Certificate examination

Both the original and the proxy certificate can be examined, enabling enforcement of certificate pinning.
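
A sketch of the decision a browser could make under Assumption #1 and the pinning check described above. It is an added example, not part of the proposal: the state names, the store model and every identifier are assumptions, and signature verification is not modelled.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str   # name of the signing CA; signature checks are not modelled
    spki: bytes   # stand-in for the DER-encoded SubjectPublicKeyInfo

def pin(cert):
    """SHA-256 over the public key info, the value a pin is compared against."""
    return hashlib.sha256(cert.spki).hexdigest()

def origin_ok(host, cert, web_roots, pins):
    """Ordinary validation of the origin certificate, plus any pin for host."""
    if cert.subject != host or cert.issuer not in web_roots:
        return "untrusted"
    if host in pins and pin(cert) not in pins[host]:
        return "pin-failure"
    return "ok"

def evaluate(host, presented, original, web_roots, proxy_partition, pins,
             opted_out=False):
    """Return the (hypothetical) UI state for one connection.

    presented: certificate seen on the wire.
    original:  origin certificate relayed by a proxy, None on a direct path.
    proxy_partition: pins of imported trusted proxy certificates, kept
                     apart from web_roots so a proxy cert is never a root.
    """
    if pin(presented) in proxy_partition:
        if opted_out:
            return "proxy-declined"      # the "No thank you" screen
        if original is None:
            return "untrusted"           # nothing to examine or pin
        verdict = origin_ok(host, original, web_roots, pins)
        return "proxy-trusted" if verdict == "ok" else verdict  # logo + lock
    verdict = origin_ok(host, presented, web_roots, pins)
    return "secure" if verdict == "ok" else verdict

# Constructed sample data (not real certificates).
WEB_ROOTS = {"Example Root CA"}
ORIGIN = Cert("bank.example", "Example Root CA", b"origin-key")
PROXY = Cert("proxy.corp.example", "Corp Proxy CA", b"proxy-key")
SUBSTITUTED = Cert("bank.example", "Example Root CA", b"other-key")
PARTITION = {pin(PROXY)}
PINS = {"bank.example": {pin(ORIGIN)}}
```

Because the origin certificate is checked against the pin set even on the proxied path, a substituted origin key is reported as a pin failure rather than hidden behind the proxy's own certificate.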

Mobile UI

Mobile is more difficult, but it can also fit the proposed model.