IETF Logo Mail Archive

Re: MITM and proxy messages [was: Call for Adoption: draft-song-dns-wireformat-http]

"Adrien de Croy" <adrien@qbik.com> Mon, 08 August 2016 22:27 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8650F12D1B7 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 8 Aug 2016 15:27:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.168
X-Spam-Level:
X-Spam-Status: No, score=-8.168 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-1.247, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qurPMW0rq3db for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 8 Aug 2016 15:27:10 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 260AB12D0F9 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Mon, 8 Aug 2016 15:27:10 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.80) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1bWsx7-0004VK-Lg for ietf-http-wg-dist@listhub.w3.org; Mon, 08 Aug 2016 22:23:21 +0000
Resent-Date: Mon, 08 Aug 2016 22:23:21 +0000
Resent-Message-Id: <E1bWsx7-0004VK-Lg@frink.w3.org>
Received: from lisa.w3.org ([128.30.52.41]) by frink.w3.org with esmtps (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <adrien@qbik.com>) id 1bWsx2-0004UU-HV for ietf-http-wg@listhub.w3.org; Mon, 08 Aug 2016 22:23:16 +0000
Received: from smtp.qbik.com ([122.56.26.1]) by lisa.w3.org with esmtps (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256) (Exim 4.80) (envelope-from <adrien@qbik.com>) id 1bWsx0-0007Yd-CP for ietf-http-wg@w3.org; Mon, 08 Aug 2016 22:23:16 +0000
Received: From [192.168.1.146] (unverified [192.168.1.146]) by SMTP Server [192.168.1.3] (WinGate SMTP Receiver v9.0.0 (Build 5849)) with SMTP id <0000797589@smtp.qbik.com>; Tue, 09 Aug 2016 10:22:43 +1200
From: Adrien de Croy <adrien@qbik.com>
To: Martin Thomson <martin.thomson@gmail.com>, Nicolas Mailhot <nicolas.mailhot@laposte.net>
Cc: "Walter H." <Walter.H@mathemainzel.info>, HTTP Working Group <ietf-http-wg@w3.org>
Date: Mon, 08 Aug 2016 22:22:43 +0000
Message-Id: <em47db4ef7-565c-42ae-b5b1-b31c968c4e35@bodybag>
In-Reply-To: <CABkgnnVsTGkL_vcX8gPzSZLTA4A7x13+_sO+MasNBw9ioVxa1g@mail.gmail.com>
Reply-To: Adrien de Croy <adrien@qbik.com>
User-Agent: eM_Client/6.0.24928.0
Mime-Version: 1.0
Content-Type: text/plain; format="flowed"; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass client-ip=122.56.26.1; envelope-from=adrien@qbik.com; helo=smtp.qbik.com
X-W3C-Hub-Spam-Status: No, score=-4.4
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, RP_MATCHES_RCVD=-0.454, SPF_PASS=-0.001, W3C_AA=-1, W3C_WL=-1
X-W3C-Scan-Sig: lisa.w3.org 1bWsx0-0007Yd-CP a14c5b892eb6fcb401dcc80f765d048a
X-Original-To: ietf-http-wg@w3.org
Subject: Re: MITM and proxy messages [was: Call for Adoption: draft-song-dns-wireformat-http]
Archived-At: <http://www.w3.org/mid/em47db4ef7-565c-42ae-b5b1-b31c968c4e35@bodybag>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/32234
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

+1 on the image.

Users want to see something so they know the response is coming from 
someone/something they have heard of, and the logo is the most effective 
way to do this, since people don't read text.

Otherwise if there's any question about the source of the message, it 
becomes ineffective.


------ Original Message ------
From: "Martin Thomson" <martin.thomson@gmail.com>
To: "Nicolas Mailhot" <nicolas.mailhot@laposte.net>
Cc: "Walter H." <Walter.H@mathemainzel.info>; "HTTP Working Group" 
<ietf-http-wg@w3.org>
Sent: 8/08/2016 6:39:09 PM
Subject: Re: MITM and proxy messages [was: Call for Adoption: 
draft-song-dns-wireformat-http]

>On 8 August 2016 at 16:30, <nicolas.mailhot@laposte.net> wrote:
>>  Yes branding sucks but users want branding so at least define an 
>>embedded data: logo with strict limits on size and format.
>
>I have no problem with an image being defined.  I can't promise that
>it will be disabled (or where), because I don't do our security UX,
>but it's a reasonable request.
>
>As for image parsing bugs, yeah I agree.
>

v2.23.0 | Report a Bug | By Email