Limited Proxying for Content Filtering Based on X.509 Proxy Certificate Profile


Use of proxy servers to filter content is very critical in achieving both personal and enterprise security. A common practice to perform this task is by allowing a man-in-the-middle to intercept the traffic unconditionally and act as a proxy between the client and the server. While this method is good enough for unencrypted HTTP connections, it is not a good practice in encrypted HTTPS (SSL/TLS) connections. In this paper, we introduce an access-controlled limited proxying framework to allow HTTPS content filtering based on the Internet X.509 Public Key Infrastructure (PKI) Proxy Certificate Profile. Limited proxying allows the client and the server to decide which content can be accessed by a proxy to avoid compromise of sensitive content. The proposed framework grants the user full control to grant or revoke specific proxy privileges which enhances the user’s privacy online. We also define and argue about the security properties of the framework as well as some practical considerations for its implementation.

The 11th International Conference on Security for Information Technology and Communications SECITC 2018