 There is, I hope, one bug in this draft. In section 6, an example is given of
a non-200 return code (specifically, a 407) from the proxy. After the plaintext
HTTP header, the draft says that "...SSL data..." will be sent. This violates
the requirement that the proxy need not have a complete SSL implementation. The
proxy server, assuming that it doesn't actually understand SSL - or whatever
protocol is being tunneled - can only send back a standard HTTP/1.0 or HTTP/1.1
response. Therefore, the 407 response (or any other error response) should send
back a content-type in its headers, and the appropriate type of response -
unencrypted - in its content-body.

 This then begs the question of whether the "200 OK" response to a CONNECT
request should include a content-type (our tunneling implementation does not
currently send one). I think that it should, and a new MIME type like
"application/tunnel" should be sent. This is obviously not a requirement, but
would be nice for completeness.

 -- Martin
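
A client-side view of the point made in this message, as an added example that is not part of the original post or of the draft: the proxy's reply to CONNECT is parsed as plain HTTP, and only a 2xx status hands the remaining bytes to the tunneled protocol. The function name and both sample replies are constructed for illustration.

```python
# Added illustration: splitting a proxy's reply to a CONNECT request.
# Nothing here is captured traffic; the sample replies are constructed.

def parse_connect_reply(raw: bytes):
    """Return (status, headers, plaintext_body, tunnel_bytes)."""
    head, sep, rest = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete header block")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/1.") or not parts[1].isdigit():
        raise ValueError("not an HTTP/1.x status line")
    status = int(parts[1])
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon:
            raise ValueError("malformed header line")
        headers[name.strip().lower()] = value.strip()
    if 200 <= status < 300:
        # Tunnel established: bytes after the blank line belong to the
        # tunneled protocol and are passed on without interpretation.
        return status, headers, b"", rest
    # Any error reply comes from a proxy that only speaks HTTP, so the body
    # is unencrypted and must never be fed to the SSL layer.
    length = int(headers.get("content-length", len(rest)))
    if length < 0 or length > len(rest):
        raise ValueError("body length does not match Content-Length")
    return status, headers, rest[:length], b""

# Constructed sample: 407 with a Content-Type and an unencrypted body.
BODY = b"<h1>Proxy authentication required</h1>\n"
REPLY_407 = (
    b"HTTP/1.0 407 Proxy Authentication Required\r\n"
    b'Proxy-Authenticate: Basic realm="example"\r\n'
    b"Content-Type: text/html\r\n"
    b"Content-Length: " + str(len(BODY)).encode() + b"\r\n\r\n" + BODY
)

# Constructed sample: 200 followed by opaque tunneled bytes.
OPAQUE = b"\x16\x03\x00\x00\x04ABCD"
REPLY_200 = b"HTTP/1.0 200 Connection established\r\n\r\n" + OPAQUE

if __name__ == "__main__":
    for reply in (REPLY_407, REPLY_200):
        print(parse_connect_reply(reply))
```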

