- From: Nicolas Mailhot <nicolas.mailhot@laposte.net>
- Date: Fri, 15 Nov 2013 08:07:20 +0100
- To: "Willy Tarreau" <w@1wt.eu>
- Cc: "Ryan Hamilton" <rch@google.com>, "David Morris" <dwm@xpasc.com>, "Bruce Perens" <bruce@perens.com>, "Roberto Peon" <grmocg@gmail.com>, "James Snell" <jasnell@gmail.com>, "HTTP Working Group" <ietf-http-wg@w3.org>, "Julian Reschke" <julian.reschke@gmx.de>, "Stephen Farrell" <stephen.farrell@cs.tcd.ie>
On Fri, 15 November 2013 07:47, Willy Tarreau wrote:

> The CONNECT method is used to open tunnels through proxies and all proxy
> users who browse in HTTPS use it.

Which makes it a security nightmare, since it allows tunneling any protocol without control, and there are products on the market that advertise the ability to use CONNECT to bypass any firewall rule.

Thus I resent pretending that CONNECT makes HTTP reliable, since its main point today seems to be to tunnel random non-HTTP junk through security equipment.

(And I know any encrypted payload by nature cannot be controlled, but there is a difference between accepting encrypted bodies inside HTTP frames with HTTP signalling and tunnelling whole protocols pretty much unchanged.)

--
Nicolas Mailhot
Received on Friday, 15 November 2013 07:07:51 UTC