W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2016

Re: New Version Notification for draft-nottingham-proxy-explanation-00.txt

From: Kari Hurtta <hurtta-ietf@elmme-mailer.org>
Date: Wed, 02 Mar 2016 10:12:54 +0000
To: Thomas Mangin <thomas.mangin@exa-networks.co.uk>
Cc: Mark Nottingham <mnot@mnot.net>, HTTP WG <ietf-http-wg@w3.org>, Amos Jeffries <squid3@treenet.co.nz>, Kari Hurtta <hurtta-ietf@elmme-mailer.org>
Message-Id: <201603021012.u22AC54f020340@shell.siilo.fmi.fi>
Thomas Mangin <thomas.mangin@exa-networks.co.uk>: (Wed Mar  2 11:25:06 2016)
> If used with the CONNECT verb, there is no risk of the header carrying 
> this information to be be passed on to the origin. However, if allowed 
> through HTTP, any header would pass through towards the origin and then 
> could be used by another non-configured proxy down the line. This could 
> be mitigated by mandating a draft aware proxy to block any 
> json+explaination response messages coming back towards the client.

That is why I put it to Connection: -header field.

>> Register new header field for that nonce.
>> 
>> Browser may include that on request when it is using proxy:
>> 
>> New-header-field: nonce-value
>> Connection: new-header-field
>> 
>> Connection header field prevents origin server seeing
>> this (if proxy follows HTTP/1.1 -- I do not know how
>> this play with HTTP/2, but HTTP/2 is likely to be used
>> only  with encrypted connections / with CONNECT method. )

I think that browser will quite fast learn
that is proxy supporting HTTP/1.1

Simple use this only when there is seen HTTP/1.1
response from proxy for some previous request.

If proxy wants use this, then it is better to support
HTTP/1.1

https://tools.ietf.org/html/rfc7230#section-6.1

|   When a header field aside from Connection is used to supply control
|   information for or about the current connection, the sender MUST list
|   the corresponding field-name within the Connection header field.  A
|   proxy or gateway MUST parse a received Connection header field before
|   a message is forwarded and, for each connection-option in this field,
|   remove any header field(s) from the message with the same name as the
|   connection-option, and then remove the Connection header field itself
|   (or replace it with the intermediary's own connection options for the
|   forwarded message).

/ Kari Hurtta
Received on Wednesday, 2 March 2016 16:37:57 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 22 March 2016 12:47:11 UTC