
Re: breaking TLS (Was: Re: multiplexing -- don't do it)

From: Poul-Henning Kamp <phk@phk.freebsd.dk>
Date: Fri, 06 Apr 2012 21:26:08 +0000
To: Willy Tarreau <w@1wt.eu>
cc: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Roberto Peon <grmocg@gmail.com>, Nicolas Mailhot <nicolas.mailhot@laposte.net>, ietf-http-wg@w3.org
Message-ID: <73255.1333747568@critter.freebsd.dk>

In message <20120406211424.GB4336@1wt.eu>, Willy Tarreau writes:

>In my opinion we should let the user decide between GET https:// and
>CONNECT. That solves all issues because admins can let just a short
>whitelist run on CONNECT, with the rest being analyzed.

For reasons of backwards compat, I don't think we'll get rid of
CONNECT any time soon, and since it is also widely used for getting
VPN out through corp perimeters, it will have to be supported by
proxies still.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.
Received on Friday, 6 April 2012 21:26:33 GMT
