
Re: New draft-loreto-httpbis-proxy20-00.txt

From: Nicolas Mailhot <nicolas.mailhot@laposte.net>
Date: Wed, 9 Oct 2013 14:01:14 +0200
Message-ID: <0251926fa28c203d4a2438ae360edaeb.squirrel@arekh.dyndns.org>
To: "Salvatore Loreto" <salvatore.loreto@ericsson.com>
Cc: "HTTP Working Group" <ietf-http-wg@w3.org>

On Wed, 9 October 2013 06:03, Salvatore Loreto wrote:
> Hi there,

Hi

> we have just submitted a draft
> that advocates the importance and the benefits that proxies can provide
> for HTTP/2.0
> and aims to start a discussion on this topic within the HTTPBis wg

Thank you for this draft

I fear the terminology does not quite cover one of the most common
use cases for intermediaries right now, which is security/caching
intermediaries. This use case is present in Enterprise gateways but
also more and more on end-user systems (either via built-in browser
functionalities or via extensions like Adblock Plus which are
semantically a security proxy that happens to be deployed on the same
system).

Unlike a transforming proxy, a security/caching intermediary does not aim
to transform messages in any semantic way. The intent is to relay as much
stuff unchanged as possible.

However, unlike a tunnel proxy, a security/caching intermediary is party to
the HTTP connection because it may block some elements for security
reasons, or relay elements that still exist in its cache but have been
changed server-side.

Also, it does need to convey its actions (typically, why some element has
been blocked or how to unblock by authenticating for example) to
endpoints. And it does not want at all for this communication to
masquerade as something else.

I think one of the root reasons proxies do not work correctly now is
this erroneous terminology. People want to think about them as transparent
tunnels (which they are not), and when they diverge from transparent
tunnels they complain about transformations (which is *not* the intent at
all, the few transformations that do occur only exist to simulate the
communication channel that security/caching gateways need and which has
been completely forgotten in HTTP specs).

Making this use case explicit in the specs and fixing the intermediary
communication problem would go a long way to remove proxies as a hate
object.

-- 
Nicolas Mailhot
Received on Wednesday, 9 October 2013 12:01:56 UTC
