Re: Deploying new expectation-extensions from Adrien de Croy on 2008-04-06 (ietf-http-wg@w3.org from April to June 2008)

From: Adrien de Croy <adrien@qbik.com>
Date: Sun, 06 Apr 2008 13:00:23 +1200
To: Mark Nottingham <mnot@mnot.net>
CC: Henrik Nordstrom <henrik@henriknordstrom.net>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <47F820A7.70302@qbik.com>

there was a recent discussion about Via and whether it should become a 
SHOULD level requirement (I think related to an editorial change).

In any case, I believe there are still plenty of customers that don't 
want their ISP to know they are using a proxy server.  These people 
really don't want via headers leaking out.  Yep, there are some ISPs 
still (haven't gone out of business yet) that don't like their customers 
using a proxy to obtain more use out of what they pay for.  At least the 
last time I got a customer request about this wasn't that long ago.

* Intercepting transparent proxies - should they insert a Via?  then 
they aren't transparent any more.  Even changing the request HTTP 
version is dodgy enough in that situation (let alone that the whole 
concept of intercepting transparent proxies is dodgy).
* Reverse proxies?

In any case, IMO using Via for anything except tracing is fragile 
(relies on 3rd-hand information) although I guess pretty much everything 
about a forwarded request relies on 3rd hand information at the origin 
server.  Are there any known implementations of any servers that change 
behaviour based on the path a request takes to them?

I guess this is another instance of where customer wishes and protocol 
designs are at loggerheads.  Unfortunately implementors of protocols 
have to deal with customers and commercial/competitive issues.

Adrien

Mark Nottingham wrote:
>
> +1
>
> It may be worth putting a few words around Via so that people 
> understand its function. The folks on this list won't be around 
> forever to educate them (and although the list archives will be there, 
> most won't bother with them).
>
> Cheers,
>
>
>
> On 06/04/2008, at 10:18 AM, Henrik Nordstrom wrote:
>
>>
>> sön 2008-04-06 klockan 10:06 +1000 skrev Mark Nottingham:
>>> /me shakes head at self... good point.
>>>
>>> The problem that this raises is that many people configure their
>>> proxies to not send Via headers. This breaks the algorithm that Roy
>>> posts later on...
>>
>> Yes, and the specs says...
>>
>>        The Via general-header field MUST be used by gateways and
>>        proxies to indicate the intermediate protocols and recipients
>>        between the user agent and the server on requests
>>
>> The only way forward on that is educating implementers about the
>> importance of Via, and make them expose the following feature instead or
>> allowing Via to be removed:
>>
>>        However, if the real host is considered to be sensitive
>>        information, it MAY be replaced by a pseudonym.
>>
>> which is the correct resolution to the issue people try to solve by
>> removing the Via header..
>>
>> Regards
>> Henrik
>>
>
>
> -- 
> Mark Nottingham     http://www.mnot.net/
>
>

-- 
Adrien de Croy - WinGate Proxy Server - http://www.wingate.com

Received on Sunday, 6 April 2008 00:59:40 UTC