RE: #250 / #251 (connect bodies) from Juan M. Sierra Lebrón on 2010-10-29 (ietf-http-wg@w3.org from October to December 2010)

From: Juan M. Sierra Lebrón <jsierra@economistes.com>
Date: Fri, 29 Oct 2010 09:56:49 +0200
To: "'Adrian Chadd'" <adrian@creative.net.au>, "'Willy Tarreau'" <w@1wt.eu>
Cc: "'Mark Nottingham'" <mnot@mnot.net>, "'Adam Barth'" <w3c@adambarth.com>, "'Julian Reschke'" <julian.reschke@gmx.de>, "'Adrien de Croy'" <adrien@qbik.com>, "'HTTP Working Group'" <ietf-http-wg@w3.org>
Message-ID: <000401cb773e$d79bc9e0$86d35da0$@com>

We send this mail from a law firm.
We are not interested in receiving emails advertising.
Under Law 34/2002 of 11 July, Services of information society and electronic commerce, you are notified about the responsibility that you may incur if you keep sending emails.
We want that our data are deleted from its database
Sincerely.

EVIAL ASESORES
Juan M. Sierra Lebrón
jsierra@economistes.com 
C/ Pau Claris, 190 - 2º 1ª  -  08037 Barcelona
Telf. 935 157 234 -  Fax 934 873 677

Cláusula confidencial
El contenido de este mensaje y cualquier documento adjunto al mismo son confidenciales. Tienen el sólo propósito de su uso por el individuo o entidad designado como receptor. Si recibe este mensaje por error, se le informa, que su lectura, divulgación, copia o distribución está estrictamente prohibida y le rogamos nos lo notifique por e-mail a (jsierra@economistes.com).
 Antes de imprimir este e-mail, piense bien si es necesario hacerlo.

-----Mensaje original-----
De: ietf-http-wg-request@w3.org [mailto:ietf-http-wg-request@w3.org] En nombre de Adrian Chadd
Enviado el: viernes, 29 de octubre de 2010 8:29
Para: Willy Tarreau
CC: Mark Nottingham; Adam Barth; Julian Reschke; Adrien de Croy; HTTP Working Group
Asunto: Re: #250 / #251 (connect bodies)

On Fri, Oct 29, 2010, Willy Tarreau wrote:
> On Fri, Oct 29, 2010 at 04:41:14PM +1100, Mark Nottingham wrote:
> > It's not free, as evidenced by the hoops that are being jumped through to try to make sure that it isn't treated like HTTP.
> 
> No, we're trying to make sure it *is* treated like HTTP even on non
> completely HTTP compliant stacks which could possibly treat the tunnelled
> data as HTTP too while they must not. Otherwise, the 101+upgrade perfectly
> fits the purpose.

I know I've asked this before, but what about devices that wish to pull apart
the CONNECT traffic (MITM security appliances) and, deciding the traffic
isn't actually HTTP, quite rightly denies it?

What about statistical fingerprinting of traffic? (ie, fingerprinting
whether a CONNECT session is likely to be HTTP or not based on exchanged
traffic patterns.)

Adrian

Received on Friday, 29 October 2010 07:54:55 UTC