On 06/11/2012 03:36 AM, Gervase Markham wrote: > On 11/06/12 11:11, Henri Sivonen wrote: >> Could privacy be enhanced by having a Mozilla-hosted server bounce a >> TLS connection to Google's API endpoint? That is, Mozilla would see >> the user's IP address but wouldn't see the contents of the TLS >> connection and Google would see the contents of the TLS connection >> (the data about the downloaded file) but wouldn't see the user's IP >> address. > > That's a really interesting idea.
Yes, it is! One thing we should verify is whether or not these URL pings are followed with a response about the safety of the URL. If we stand up a bouncer, we'll add latency to any response when users ping, and that may not be optimal. I've asked the Google team for more technical detail about their API (and if they are reading this, they should feel free to point to it here) so we see if there's anything we'd be trading for bouncing. -Sid _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
