Re: MITM and proxy messages [was: Call for Adoption: draft-song-dns-wireformat-http]
"Walter H." <Walter.H@mathemainzel.info> Sun, 07 August 2016 20:10 UTC
On 07.08.2016 21:07, Kari hurtta wrote:
> > Yes, content was
> > https://lists.w3.org/Archives/Public/ietf-http-wg/2016JulSep/0367.html
>
> | In our customer base, the biggest driver to deploy MitM is the refusal
> | of browsers to display block pages from denied CONNECT requests.
>
>
> https://mnot.github.io/I-D/proxy-explanation/
> does not require MITM.

of course not; and the result will be the same ...

> That can be shown when CONNECT fails and tunneled TLS
> is not established.

not really; when the proxy refuses connections without MITM, then the result the proxy replies is nearly the same and the result the browser does also ...

when the agent is too stupid to present this

    HTTP/1.1 403 Forbidden
    Content-Type: text/html
    Cache-Control: no-cache

    <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
    <HTML>
    <HEAD>
    <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
    <TITLE>Policy Violation</TITLE>
    </HEAD>
    <BODY>
    <H1>Policy Violation</H1>
    <UL>
    <LI>This content is above your pay grade.<A HREF="https://acme.example.com/why?https://www.example.net">More Info</A>.
    </LI>
    </UL>
    <HR>
    <ADDRESS>Acme Networks Proxy</ADDRESS>
    </BODY>
    </HTML>

it won't present this:

    HTTP/1.1 403 Forbidden
    Content-Type: application/proxy-explanation+json
    Cache-Control: no-cache

    {
      "name": "Acme Networks",
      "title": "Policy Violation",
      "description": "This content is above your pay grade.",
      "moreinfo": "https://acme.example.com/why?https://www.example.net"
    }

too; no difference;

the error the proxy replies could also be the following:

    HTTP/1.1 403 Forbidden
    Content-Type: text/plain
    Cache-Control: no-cache

    Acme Networks Proxy says: "Policy Violation"
    Because: This content is above your pay grade.
    For more informations see: https://acme.example.com/why?https://www.example.net

Walter
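Added example, not part of the original message and not code from the proxy-explanation draft: one way a client could handle the three 403 replies to CONNECT shown above, interpreting only the `application/proxy-explanation+json` body as data for its own error page and ignoring HTML or plain-text bodies. The function names, the generic notice text, the 200-character limit and the https-only rule for `moreinfo` are assumptions of this example.

```python
import json
from urllib.parse import urlsplit

EXPLANATION_TYPE = "application/proxy-explanation+json"
TEXT_FIELDS = ("name", "title", "description")  # members in the message's JSON sample
MAX_LEN = 200  # assumed display limit, not taken from the draft


def parse_reply(raw: bytes):
    """Split a raw HTTP/1.1 reply to CONNECT into (status, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body


def explain_refusal(raw: bytes):
    """Return plain-text fields for the client's own error page, or None if
    the tunnel was established. Only the JSON form is interpreted; any other
    body (HTML, text/plain) is ignored and a generic notice is returned."""
    status, headers, body = parse_reply(raw)
    if 200 <= status < 300:
        return None
    notice = {"status": status, "title": "Connection refused by proxy"}
    media_type = headers.get("content-type", "").split(";")[0].strip().lower()
    if media_type != EXPLANATION_TYPE:
        return notice
    try:
        doc = json.loads(body.decode("utf-8"))
    except (UnicodeDecodeError, ValueError):
        return notice
    if not isinstance(doc, dict):
        return notice
    for key in TEXT_FIELDS:
        if isinstance(doc.get(key), str):
            # Collapse runs of whitespace (including newlines), then cap the length.
            notice[key] = " ".join(doc[key].split())[:MAX_LEN]
    link = doc.get("moreinfo")
    try:
        parts = urlsplit(link) if isinstance(link, str) else None
    except ValueError:  # e.g. malformed IPv6 literal
        parts = None
    if parts and parts.scheme == "https" and parts.hostname:
        notice["moreinfo"] = link  # offered as a link, never fetched automatically
    return notice
```

The returned fields are meant to be inserted as text into a page the client itself generates, so nothing supplied by the proxy is parsed as markup.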