W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > May to August 2001

RE: Tunneling

From: Joris Dobbelsteen <joris.dobbelsteen@mail.com>
Date: Fri, 31 Aug 2001 17:30:26 +0200
To: "'Yogesh Bang'" <Y.Bang@zensar.com>
Cc: "WWW WG \(E-mail\)" <http-wg@cuckoo.hpl.hp.com>
Message-ID: <000301c13231$dc0f6fb0$0d0ba8c0@joris2k.local>
>-----Original Message-----
>From: Yogesh Bang [mailto:Y.Bang@zensar.com]
>Sent: Thursday, 30 August 2001 2:03
>To: 'http-wg@cuckoo.hpl.hp.com'
>Subject: Tunneling
>
>
>Hi ,
>
>As per the discussions, it seems that PROXY can tunnel protocol on HTTP
>Then why every proxy has different port for different protocols
>(like FTP,SMTP,SOCKS etc).

FTP is for compatiblity with FTP programs, like WS_FTP. These don't support
HTTP, only FTP. Proxies commonly don't support incomming FTP connections.
You can access FTP through HTTP, even through the protocols differ.

SMTP is not comparable with HTTP in any kind. It handles mail transmission
instead of file/hypertext transport.

SOCKS is not comparable with HTTP in any kind. It's designed for incomming
and outgoing TCP and UDP traffic through a firewall.

These protocols are for very different different goals than HTTP is.

>Why not other protocols are tunneled over HTTP?

It's not practical. And also security may suffer.
ICQ, for example does support tunneling through HTTP, however I doubt it's
used frequently. SOCKS is a better alternative for this...

>
>If my application (written in say VC++), wants to use HTTP-tunneling
>what necessary and sufficient conditions it should have at
>Client and Server
>ends.

HTTP tunneling supports only TCP outgoing, however SOCKS support TCP and UDP
incomming and outgoing, even as knowing the IP address and port where that
is opened for transactions.
>
>There is still confusion on PROXING and HTTP-TUNNELING.
>If HTTPS uses HTTP-TUNNELING and HTTP-TUNNELED data cant be
>seen by anybody,
>why encryption is needed for that data (Digital certificates
>for HTTPS)?

You make a TCP connection to the proxy and request the proxy to make a
tunnel to a server. The data send through the HTTP tunnel (like most(!)
tunnels) can be read by everyone. A protocol like SSL or TLS adds the
security (others cannot write and optionally not read). Over a security
protocol HTTP is send.

HTTPS is simply HTTP send over a security protocol, like SSL, TLS or others.


- Joris
>
>Thanks in advance.
>
>Yog
>
>> -----Original Message-----
>> From: Joris Dobbelsteen [mailto:joris.dobbelsteen@mail.com]
>> Sent: Thursday, August 30, 2001 2:54 PM
>> To: 'Rompo Punyanitya'
>> Cc: WWW WG (E-mail)
>> Subject: RE: Http Tunneling
>>
>>
>> >-----Original Message-----
>> >From: Rompo Punyanitya [mailto:rpunyani@bigpond.net.au]
>> >Sent: Wednesday, 29 August 2001 11:46
>> >To: Joris Dobbelsteen
>> >Subject: Re: Http Tunneling
>> >
>> >  Doesn't it mean that HTTP tunneling is also act and serve the same
>> >functionalities as HTTP proxy then? I thought that the
>> >different between
>> >tunnel and proxy was , the tunnel will only forward the
>> >orginal request from
>> >client to the actual end server, but the proxy is allow to
>> >modify and change
>> >the client request to more suitable request then send it to
>> >the actual end
>> >server.
>>
>> Somewhat, however you don't understand tunneling concept to well.
>>
>> There is a difference between proxying and tunneling:
>>
>> While acting as a proxy, you send a request to the proxy
>> server, the same as
>> you whould send to the orgin server. The proxy server can
>> modify/change the
>> request (even deny it or get it from cache).
>>
>> A tunnel will establish a connection from you to the other
>> end-point (orgin
>> server). This tunnel can be established through one one (or
>> more) proxy
>> server(s), who should not inferfere with the information send
>> through the
>> tunnel. To you it looks just like a normal TCP connection
>> from you to the
>> other end-point (actual end server).
>>
>> Some more background: tunneling was needed to establish a
>> secure channel
>> between two end-points. The property of a secure channel is
>> that nobody,
>> except the end-points, can send data over it and optionally
>> cannot read it.
>> Both is the case with HTTPS.
>>
>> - Joris
>>
>> >
>> >Cheers.
>> >Rompo Punyanitya
>> >
>> >----- Original Message -----
>> >From: Joris Dobbelsteen <joris.dobbelsteen@mail.com>
>> >To: 'Yogesh Bang' <Y.Bang@zensar.com>
>> >Cc: WWW WG (E-mail) <http-wg@cuckoo.hpl.hp.com>
>> >Sent: Tuesday, August 28, 2001 8:50 AM
>> >Subject: RE: Http Tunneling
>> >
>> >
>> >> HTTP Tunneling is designed for Secure HTTP (HTTPS). A HTTP
>> >tunneling is a
>> >> method of going through a proxy server, without the proxy
>> >server itself
>> >> handling any data transmitted.
>> >> A tunnel can be established with the connect method:
>> >>
>> >> CONNECT <host>:<port> HTTP/1.1 <CRLF>
>> >> <CRLF>
>> >>
>> >> If the HTTP return code is 200 (OK), a connection is
>> >established. Now any
>> >> data transmitted is directly forwarded (by the proxy
>server) to the
>> >> end-point.
>> >>
>> >> Take note that most proxy server will only allow tunnels
>> to port 443
>> >> (HTTPS), due to security restrictions. So they're not usable
>> >for anything
>> >> else than HTTPS. Some proxy servers (like the ISA server) can be
>> >configured
>> >> to interfrere with the data on the tunnel.
>> >> Contact the Proxy manual of admin.
>> >>
>> >> - Joris
>> >>
>> >> >-----Original Message-----
>> >> >From: Yogesh Bang [mailto:Y.Bang@zensar.com]
>> >> >Sent: Sunday, 26 August 2001 3:38
>> >> >To: 'http-wg@cuckoo.hpl.hp.com'
>> >> >Subject: Http Tunneling
>> >> >
>> >> >
>> >> >Hi There,
>> >> >
>> >> >While going through technical jargons, I came across this term
>> >> >'Http-Tunneling'. It is said that using this,it is possible to
>> >> >send data of any protocol through proxy over HTTP.Can any one
>> >> >tell me how
>> >> >this
>> >> >can be achieved? any sample code will provide good idea or
>> >> >send me the urls
>> >> >where
>> >> >I can get the basics of http-tunneling.
>> >> >
>> >> >Is it possible to tunnel complex protocols which are used
>> >by 'Microsoft
>> >> >Netmeeting',
>> >> >or AIM etc?
>> >> >
>> >> >Thanks in advance!!!
>> >> >
>> >> >yog
>> >> >
>> >> >
>> >>
>> >
>> >
>>
>
>
Received on Friday, 31 August 2001 16:28:11 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:33:44 EDT