- From: Mark Nottingham <mnot@yahoo-inc.com>
- Date: Tue, 24 Feb 2009 10:42:51 +1100
- To: "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
See: http://www.kb.cert.org/vuls/id/435052 From an HTTP perspective, there are a number of potential reactions; 1) intercepting proxies are bad; we told you so! 2) we should accommodate intercepting proxies in HTTPbis, because they're a reality. 2a) we should note this type of attack in Security Considerations, and more strongly recommend that clients send an absolute URI on the request-line, even when not using a configured proxy. Just food for thought... Cheers, -- Mark Nottingham
Received on Monday, 23 February 2009 23:43:47 UTC