Re: #179: Relax Via MUST

Mark Nottingham wrote:
>
> On 17/07/2009, at 5:05 PM, Adrien de Croy wrote:
>
>>
>> yes, I think many specific-application proxies don't put Via in, 
>> probably for that reason.
>>
>> in fact I think many proxies also mirror the HTTP version they 
>> received in the request through to the next hop.
>
> Yes, that probably could use some emphasis as well.

httpbis-p2-messaging-07 has the following text in s 3.1

"Due to interoperability problems with HTTP/1.0 proxies discovered since 
the publication of [RFC2068], caching proxies MUST, gateways MAY, and 
tunnels MUST NOT upgrade the request to the highest version they support. "

gateways cover scenarios such as a reverse proxy
tunnels seems to refer to tunnelling via CONNECT (or even just a dumb 
mapping)

what about non-caching proxies?  Is it intended that only caching 
proxies have the must requirement, or should this apply to all proxies?


Section 2.4 looks ambitious!!! is that what I think it is?  Intercepting 
the TCP connection?  Even though WinGate does it, and clients want it, 
we recommend against it.  It does horrible things to auth.


Regards

Adrien

>
>>
>> Transparent proxies are still required to insert Via?
>
> If you mean intercepting, yes (although they're not really kosher, 
> it's still necessary for them to do this if the various protocol 
> features that depend upon it are going to function).
>
>
>>
>> Mark Nottingham wrote:
>>> In the back of my head, I've actually been thinking it would be 
>>> useful to note that Via is necessary for operation of some protocol 
>>> features, which is why there's the option for a minimal Via header, 
>>> e.g. "1.1 foo".
>>>
>>> I say this because I suspect that many implementers just don't 
>>> realise that it has these uses. Of course, you're not going to 
>>> dissuade the more paranoid folks from stripping anything that looks 
>>> like intermediation, but oh well.
>>>
>>> Cheers,
>>>
>>>
>>> On 17/07/2009, at 4:40 PM, Adrien de Croy wrote:
>>>
>>>>
>>>> I think it might have been me that raised this issue a while back
>>>>
>>>> I agree it needs to be closed with no action.
>>>>
>>>> Taking it out breaks too much stuff.
>>>>
>>>> The original query related to customers who have unreasonable ISPs 
>>>> who don't want customers to run proxies to get more use out of 
>>>> their link, these customers didn't want there to be anything in 
>>>> their HTTP requests that would give away the existence of a proxy.
>>>>
>>>> I think this case is probably best handled with an option (default 
>>>> off) to make the proxy "stealthy", which strictly speaking makes it 
>>>> broken (no outbound Via).  Inbound Via is another matter and 
>>>> doesn't have any privacy issues.
>>>>
>>>> It's probably even less of an issue now with the prevalence of 
>>>> proxies for other purposes, even running on the local machine (e.g. 
>>>> some filtering / AV software installs a proxy for localhost).
>>>>
>>>> Thanks
>>>>
>>>> Adrien
>>>>
>>>>
>>>> Roy T. Fielding wrote:
>>>>> On Jul 16, 2009, at 5:13 PM, Mark Nottingham wrote:
>>>>>
>>>>>> I'm fine closing this with no action; IIRC the previous 
>>>>>> discussion was leaning towards removing the requirement.
>>>>>>
>>>>>> Others?
>>>>>
>>>>> There is no way we can remove the requirement without removing
>>>>> half a dozen other features.  Intermediaries that don't send
>>>>> Via are broken and will continue to be broken even if the
>>>>> requirement doesn't exist.
>>>>>
>>>>> ....Roy
>>>>>
>>>>>
>>>>
>>>> -- 
>>>> Adrien de Croy - WinGate Proxy Server - http://www.wingate.com
>>>>
>>>
>>>
>>> -- 
>>> Mark Nottingham     http://www.mnot.net/
>>>
>>>
>>
>> -- 
>> Adrien de Croy - WinGate Proxy Server - http://www.wingate.com
>>
>
>
> -- 
> Mark Nottingham     http://www.mnot.net/
>
>

-- 
Adrien de Croy - WinGate Proxy Server - http://www.wingate.com

Received on Friday, 17 July 2009 11:58:30 UTC