Re: New Version Notification for draft-nottingham-proxy-explanation-00.txt

Mark Nottingham <mnot@mnot.net> Mon, 29 February 2016 23:54 UTC

From: Mark Nottingham <mnot@mnot.net>
In-Reply-To: <CA+9kkMC1Tce=eohXFSZfrD9cpJHOMOMKtoYqVbvUY3EwbboTqg@mail.gmail.com>
Date: Tue, 01 Mar 2016 10:49:27 +1100
Cc: HTTP WG <ietf-http-wg@w3.org>
Message-Id: <8BD7C79F-6882-43E5-B706-FA3335DBAA73@mnot.net>
References: <20160217003812.7831.6278.idtracker@ietfa.amsl.com> <56F7C2DF-06AA-477C-8515-C152CC3A56A4@mnot.net> <CA+9kkMC1Tce=eohXFSZfrD9cpJHOMOMKtoYqVbvUY3EwbboTqg@mail.gmail.com>
To: Ted Hardie <ted.ietf@gmail.com>
Archived-At: <http://www.w3.org/mid/8BD7C79F-6882-43E5-B706-FA3335DBAA73@mnot.net>

> On 1 Mar 2016, at 7:01 AM, Ted Hardie <ted.ietf@gmail.com> wrote:
> 
> Howdy,
> 
> On Sun, Feb 28, 2016 at 5:59 PM, Mark Nottingham <mnot@mnot.net> wrote:
> FYI - would be interested in what people thought, as I know some folks have this problem.
> 
> Pretty (and slightly updated) version at:
>   https://mnot.github.io/I-D/proxy-explanation/
> 
> The document says about the HTML content in a 403 "but browsers are unwilling to show this to end users, since doing so would subject them to a potential man-in-the-middle attack."; this same reluctance seems to me likely to apply to the URL in the proposed JSON structure. You note the issue considerations section, but seem to come down on the side of including it anyway. Can you explain more about why? What does the other side of this trade-off look like, in your thinking?

Browsers are unwilling to show HTML because it has the ability to masquerade as the origin; displaying a raw link doesn't, and there's significantly less chance that the user will be confused about that.

Still, it'd be good to have a discussion about whether / when the URL should be displayed. I included it to have that discussion, mostly :)

If we don't include it, I *suspect* it's going to be more difficult to meet some use cases (e.g., get support HERE, complain HERE), and I *suspect* proxies will just put links in the text anyway, to cut-and-paste.


> I found it odd that the document talked about forbidding origin servers from generating the media type, rather than returning it in a response. Below you say it MUST NOT be used with 2xx or 3xx responses; it seems like you could also use similar language for origin server/CDN use.

What's the use case for origin servers generating it?


> The document says that "Clients MAY selectively support this media type. For example, an implementation might deem it only useful (or safe) in CONNECT requests." Given the other restrictions, I don't see a use case outside of CONNECT, and I would normally say that you shouldn't send an Accept header where you're not willing to receive the type; am I missing some of your thinking here?

Interception proxies.

Cheers,
Mark Nottingham   https://www.mnot.net/
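The three points argued in this exchange (show a raw URL but never proxy-supplied HTML, only honour the media type on 4xx/5xx, and only advertise or accept it for CONNECT unless the client is deliberately dealing with interception proxies) can be written down as one client-side acceptance check. The code below is an added illustration, not part of the draft or of this thread; the media type name and the `url`/`text` field names are placeholders, since the message does not state them.

```python
import json
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

# Placeholder: the thread does not name the draft's media type or its JSON field names.
EXPLANATION_TYPE = "application/example-proxy-explanation+json"

@dataclass
class Decision:
    accepted: bool
    reason: str
    display_url: Optional[str] = None  # shown as literal text, never rendered as markup

def accept_header(method: str, allow_non_connect: bool = False) -> Optional[str]:
    """Only advertise the type in Accept when this client is actually willing to act on it."""
    if method == "CONNECT" or allow_non_connect:
        return EXPLANATION_TYPE
    return None

def explanation_decision(method: str, status: int, content_type: str, body: str,
                         allow_non_connect: bool = False) -> Decision:
    """Decide whether a proxy explanation may be surfaced to the user, and what may be shown."""
    if not 400 <= status <= 599:           # the draft forbids the type on 2xx and 3xx
        return Decision(False, "explanation only valid on 4xx/5xx")
    if method != "CONNECT" and not allow_non_connect:  # allow_non_connect: interception proxies
        return Decision(False, "client only accepts explanations for CONNECT")
    if content_type.split(";")[0].strip().lower() != EXPLANATION_TYPE:
        return Decision(False, "not the explanation media type")
    try:
        doc = json.loads(body)
    except ValueError:
        return Decision(False, "body is not valid JSON")
    if not isinstance(doc, dict):
        return Decision(False, "top level must be a JSON object")
    url = doc.get("url")                   # hypothetical field name
    if url is None:
        return Decision(True, "explanation without URL")
    if not isinstance(url, str) or any(ord(c) < 0x21 for c in url):
        return Decision(False, "url must be a string without whitespace or control characters")
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return Decision(False, "url must be an absolute http(s) URL")
    # The URL is handed back as a plain string for the UI to show as text the user can copy.
    # Unlike proxy-supplied HTML, a literal URL cannot dress itself up as the origin's page.
    return Decision(True, "ok", display_url=url)

# Constructed sample of a proxy's 403 body (not from the draft).
SAMPLE_403_BODY = '{"text": "Blocked by corporate policy.", "url": "https://support.example.net/blocked"}'
```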