Re: MITM and proxy messages [was: Call for Adoption: draft-song-dns-wireformat-http]
"Walter H." <Walter.H@mathemainzel.info> Sun, 07 August 2016 19:05 UTC

On 07.08.2016 19:45, Ilari Liusvaara wrote:
> On Sun, Aug 07, 2016 at 07:25:22PM +0200, Walter H. wrote:
>> On 06.08.2016 02:25, Mark Nottingham wrote:
>>> Would this help?
>>>
>>> https://mnot.github.io/I-D/proxy-explanation/
>>>
>>> Keep in mind that only helps for configured proxies.
>>>
>> configured proxies are not the bug; why not just simply use plain HTML?
>
> Except that if you try rejecting the CONNECT,

then my browser shows the correct message

e.g.

While trying to retrieve the URL: https://www.xxx.ru/*

The following error was encountered:

*Top-Level-Domain Blocked.*

Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.

in this case it has no relevance if the host www.xxx.ru really exists or not, because the whole TLD .ru is blocked and this check is done much before;
I'm using squid as my MITM-proxy

> the browsers just throw
> up generic error about connection failed and will just plain discard
> any payload the proxy sends.
>
> (And pretty much the same for non-browsers, if those even support
> CONNECT).

yes, because these apps warn you that there is a certificate in use they don't know; install the signing certificate of the proxy and it works as I've shown above ...
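
The behaviour discussed in this exchange, a refused CONNECT whose HTML explanation never reaches the user, can be reproduced offline. This is an added example, not part of the original message: it uses Python's `http.client` as a stand-in for a non-browser client, and the stub proxy, the block page and the host name `www.blocked.example` are constructed for illustration.

```python
import http.client
import socket
import threading

# Constructed block page, modelled on the error text quoted in the message.
BLOCK_PAGE = b"<html><body><h1>Top-Level-Domain Blocked.</h1></body></html>"

def run_blocking_proxy(listener, seen):
    """Accept one client, record its request line, refuse it with 403 + HTML."""
    conn, _ = listener.accept()
    with conn:
        request = b""
        while b"\r\n\r\n" not in request:
            chunk = conn.recv(4096)
            if not chunk:
                break
            request += chunk
        seen.append(request.split(b"\r\n", 1)[0].decode())
        conn.sendall(
            b"HTTP/1.1 403 Forbidden\r\n"
            b"Content-Type: text/html\r\n"
            b"Content-Length: " + str(len(BLOCK_PAGE)).encode() + b"\r\n"
            b"Connection: close\r\n\r\n" + BLOCK_PAGE
        )

def fetch_via_proxy(target_host="www.blocked.example"):
    """Return (request line seen by the proxy, what the client reports)."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    seen = []
    proxy = threading.Thread(target=run_blocking_proxy, args=(listener, seen))
    proxy.start()
    port = listener.getsockname()[1]
    client = http.client.HTTPSConnection("127.0.0.1", port, timeout=5)
    client.set_tunnel(target_host, 443)  # makes the client send CONNECT first
    try:
        client.request("GET", "/")
        outcome = "tunnel established"
    except OSError as exc:
        # Only status code and reason phrase survive; the HTML body is dropped.
        outcome = str(exc)
    finally:
        client.close()
        proxy.join()
        listener.close()
    return seen[0], outcome

if __name__ == "__main__":
    print(fetch_via_proxy())
```

The proxy did send the block page, but the client exposes only the status line of the failed tunnel, so an explanation delivered this way is visible only to software that chooses to read the CONNECT response body.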