Re: I-D Action: draft-ietf-httpbis-tunnel-protocol-00.txt
Amos Jeffries <squid3@treenet.co.nz> Thu, 21 August 2014 06:41 UTC
Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 44E7C1A06DC for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Wed, 20 Aug 2014 23:41:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.17
X-Spam-Level:
X-Spam-Status: No, score=-6.17 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.668, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9k1BLUQ__wtp for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Wed, 20 Aug 2014 23:41:45 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AAC9F1A6F7F for <httpbisa-archive-bis2Juki@lists.ietf.org>; Wed, 20 Aug 2014 23:41:45 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.72) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1XKM0l-0003cs-39 for ietf-http-wg-dist@listhub.w3.org; Thu, 21 Aug 2014 06:38:15 +0000
Resent-Date: Thu, 21 Aug 2014 06:38:15 +0000
Resent-Message-Id: <E1XKM0l-0003cs-39@frink.w3.org>
Received: from lisa.w3.org ([128.30.52.41]) by frink.w3.org with esmtp (Exim 4.72) (envelope-from <squid3@treenet.co.nz>) id 1XKM0L-0003ah-71 for ietf-http-wg@listhub.w3.org; Thu, 21 Aug 2014 06:37:49 +0000
Received: from 121-99-228-82.static.orcon.net.nz ([121.99.228.82] helo=treenet.co.nz) by lisa.w3.org with esmtp (Exim 4.72) (envelope-from <squid3@treenet.co.nz>) id 1XKM0K-0005Yd-6F for ietf-http-wg@w3.org; Thu, 21 Aug 2014 06:37:49 +0000
Received: from [192.168.2.97] (unknown [203.184.52.78]) by treenet.co.nz (Postfix) with ESMTP id DB499E700F for <ietf-http-wg@w3.org>; Thu, 21 Aug 2014 18:37:16 +1200 (NZST)
Message-ID: <53F59390.2030106@treenet.co.nz>
Date: Thu, 21 Aug 2014 18:37:04 +1200
From: Amos Jeffries <squid3@treenet.co.nz>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: ietf-http-wg@w3.org
References: <20140818233839.23251.81316.idtracker@ietfa.amsl.com> <858FBAA8-F0D5-43A0-A621-7D504AB3327A@mnot.net> <CAH_y2NEekpgDNO+OsDELarcSi3nn72gHb98L9R66TntcD9bUiQ@mail.gmail.com> <3859D490-6B6E-4C7D-A3AF-9F1CF6F69045@mnot.net> <CAH_y2NGivMoS_WSudKKM4A=Jnr6bKneJZ5zuTmWrQm=XESYdYw@mail.gmail.com> <6F9EE13B-1791-4010-8953-3172A57AC172@mnot.net> <CAHixhFqbw00FrGSrCRS1rK_HqEj8osRXtXpj+DtYmU=tqFyBkQ@mail.gmail.com>
In-Reply-To: <CAHixhFqbw00FrGSrCRS1rK_HqEj8osRXtXpj+DtYmU=tqFyBkQ@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Received-SPF: pass client-ip=121.99.228.82; envelope-from=squid3@treenet.co.nz; helo=treenet.co.nz
X-W3C-Hub-Spam-Status: No, score=-3.5
X-W3C-Hub-Spam-Report: AWL=-3.449, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, TVD_RCVD_IP=0.001
X-W3C-Scan-Sig: lisa.w3.org 1XKM0K-0005Yd-6F 31c880b363dde69a944fae2fe6908995
X-Original-To: ietf-http-wg@w3.org
Subject: Re: I-D Action: draft-ietf-httpbis-tunnel-protocol-00.txt
Archived-At: <http://www.w3.org/mid/53F59390.2030106@treenet.co.nz>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/26685
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
On 21/08/2014 4:50 p.m., Adam Rice wrote: > As a client, why would I add a header to my request that is going to cause > the proxy to block it? What is the benefit to the user? > Right now there are large numbers of admin who are forced to decrypt TLS just to determine if the traffic is Skype, HTTPS, your application, or some attack. This is a nasty situation and getting worse. As senders in the TLS arms race improve their use so that it cannot be hijacked and decrypted these admin are turned towards the last resorts of a) completely rejecting CONNECT tunnels, or b) configuring an open proxy, or c) walled garden software environments for clients. * if the proxy is blocking your traffic because of that header then you are by definition one of the "bad guys" on that network until unblocked. Try not to tar your reputation further by forcing issues ;-) * sending it allows use of your application on networks which do consider it a "good guy" and would otherwise have a blanket denial on CONNECT traffic. * sending it allows proxies to make the required security decisions without having to hijack and decrypt any traffic. * if use of this header is picked up widely then we will be headed toward a situation where more proxies can relatively safely have blanket rejection on CONNECT traffic omiting it, a lot of current day attacks will fail, and BCP 188 Pervasive Monitoring stops being pervasive. Allowing those admin to avoid decryption or open-proxy is a net gain for both your application and everybody else as well. Amos
- I-D Action: draft-ietf-httpbis-tunnel-protocol-00… internet-drafts
- Re: I-D Action: draft-ietf-httpbis-tunnel-protoco… Mark Nottingham
- Re: I-D Action: draft-ietf-httpbis-tunnel-protoco… Greg Wilkins
- Re: I-D Action: draft-ietf-httpbis-tunnel-protoco… Mark Nottingham
- Re: I-D Action: draft-ietf-httpbis-tunnel-protoco… Greg Wilkins
- Re: I-D Action: draft-ietf-httpbis-tunnel-protoco… Mark Nottingham
- Re: I-D Action: draft-ietf-httpbis-tunnel-protoco… Adam Rice
- Re: I-D Action: draft-ietf-httpbis-tunnel-protoco… Amos Jeffries
- Re: I-D Action: draft-ietf-httpbis-tunnel-protoco… Adam Rice
- Re: I-D Action: draft-ietf-httpbis-tunnel-protoco… Amos Jeffries
- Re: I-D Action: draft-ietf-httpbis-tunnel-protoco… Martin Thomson
- RE: I-D Action: draft-ietf-httpbis-tunnel-protoco… Makaraju, Maridi Raju (Raju)
- Re: I-D Action: draft-ietf-httpbis-tunnel-protoco… Julian Reschke