Re: [hybi] Different server semantics of CONNECT

Bjoern Hoehrmann <derhoermi@gmx.net> Tue, 07 December 2010 00:56 UTC

From: Bjoern Hoehrmann <derhoermi@gmx.net>
To: John Tamplin <jat@google.com>
Date: Tue, 07 Dec 2010 01:58:10 +0100
Message-ID: <4a1rf61np32bc1lrdejtnue8mchqdr2vgo@hive.bjoern.hoehrmann.de>
References: <AANLkTi=5Z+PhCSmgNAd5_JcLYxR1rBQX=sbTT3qEwW-W@mail.gmail.com> <49B71D64-9B5D-40DB-B823-1552C56D19E5@gbiv.com> <F1D6C4CA564CA347B3B9EB54BEA5AD7C0C942729@TK5EX14MBXC212.redmond.corp.microsoft.com> <AANLkTikw+RUNrJQoE13Jm6zkesf8AZ1JZmQdMC7wZDqQ@mail.gmail.com>
In-Reply-To: <AANLkTikw+RUNrJQoE13Jm6zkesf8AZ1JZmQdMC7wZDqQ@mail.gmail.com>
Cc: "Roy T. Fielding" <fielding@gbiv.com>, Hybi <hybi@ietf.org>, Greg Wilkins <gregw@intalio.com>
Subject: Re: [hybi] Different server semantics of CONNECT

* John Tamplin wrote:
>First, I am not sure that the CONNECT method is well-enough specified
>that anything could be considered changing it.  RFC2616 only has this
>to say:
>
>> 9.9 CONNECT
>>
>> This specification reserves the method name CONNECT for use with a proxy that can
>> dynamically switch to being a tunnel (e.g. SSL tunneling [44]).
>
>It doesn't even talk at all about what is acceptable in the request
>line, headers, responses, etc.  The only draft which ever made any
>attempt to specify it (as far as I am aware) -
>http://tools.ietf.org/id/draft-luotonen-web-proxy-tunneling-01.txt -
>expired in 1999 (!), so it seems to be stretching the facts to call
>that an active spec.

RFC 2616 is updated by the proposed standard RFC 2817 which defines the
method (imperfectly, but nevertheless). If the draft you mention was the
only specification for it, that would be all the more reason to be very
sceptical about relying on this method for assumed security properties.
-- 
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/