See: http://www.kb.cert.org/vuls/id/435052 From an HTTP perspective, there are a number of potential reactions; 1) intercepting proxies are bad; we told you so! 2) we should accommodate intercepting proxies in HTTPbis, because they're a reality. 2a) we should note this type of attack in Security Considerations, and more strongly recommend that clients send an absolute URI on the request-line, even when not using a configured proxy. Just food for thought... Cheers, -- Mark NottinghamReceived on Monday, 23 February 2009 23:43:47 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:38:35 GMT