Re: MITM and proxy messages [was: Call for Adoption: draft-song-dns-wireformat-http]

Ilari Liusvaara <ilariliusvaara@welho.com> Sun, 07 August 2016 18:01 UTC


On Sun, Aug 07, 2016 at 07:25:22PM +0200, Walter H. wrote:
> On 06.08.2016 02:25, Mark Nottingham wrote:
> > Would this help?
> > 
> > https://mnot.github.io/I-D/proxy-explanation/
> > 
> > Keep in mind that only helps for configured proxies.
> > 
> configured proxies are not the bug; why not just simply use plain HTML?
 
Except that if you try rejecting the CONNECT, the browsers just throw
up a generic error about connection failed and will just plain discard
any payload the proxy sends.

(And pretty much the same for non-browsers, if those even support
CONNECT).


And for http://, yes, the page will be displayed in browsers,
but authority of response will be misinterpreted, creating other
problems. In non-browsers, this can really create a mess.


-Ilari
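
The CONNECT case from the message above, reproduced with a non-browser client as an added example (not part of the original message): a constructed loopback proxy rejects CONNECT with a 403 and an HTML explanation, and Python's `http.client` surfaces only the status line to the caller. The host name `example.test`, the helper names and the explanation text are made up for the illustration.

```python
import http.client
import socket
import threading

# Constructed explanation page that a policy proxy might want the user to see.
EXPLANATION = b"<html><body>Blocked by policy: contact helpdesk</body></html>"

def start_rejecting_proxy():
    """Start a loopback proxy that answers one CONNECT with 403 plus an HTML body."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn:
            buf = b""
            while b"\r\n\r\n" not in buf:      # read the whole CONNECT request
                chunk = conn.recv(4096)
                if not chunk:
                    break
                buf += chunk
            conn.sendall(b"HTTP/1.1 403 Forbidden\r\n"
                         b"Content-Type: text/html\r\n"
                         b"Content-Length: %d\r\n\r\n" % len(EXPLANATION) + EXPLANATION)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def fetch_through_proxy(port):
    """Attempt an https:// request via the proxy; return what the caller gets to see."""
    client = http.client.HTTPSConnection("127.0.0.1", port, timeout=5)
    client.set_tunnel("example.test", 443)     # hypothetical origin
    try:
        client.request("GET", "/")
        return client.getresponse().read().decode()
    except OSError as exc:                     # raised when the tunnel is refused
        return str(exc)
    finally:
        client.close()

def demo():
    return fetch_through_proxy(start_rejecting_proxy())

if __name__ == "__main__":
    print(demo())
```

The client library closes the socket as soon as it sees a non-200 status on the CONNECT response, so the HTML body never reaches application code.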