- From: Willy Tarreau <w@1wt.eu>
- Date: Thu, 19 Jul 2012 12:23:02 +0200
- To: Anil Sharma <asharma@sandvine.com>
- Cc: Roberto Peon <grmocg@gmail.com>, Paul Hoffman <paul.hoffman@gmail.com>, Phillip Hallam-Baker <hallam@gmail.com>, "grahame@healthintersections.com.au" <grahame@healthintersections.com.au>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>, Mike Belshe <mike@belshe.com>
On Thu, Jul 19, 2012 at 10:17:39AM +0000, Anil Sharma wrote: > When the request is sent in clear text, the proxy modifies it to force > "safesearch=on" in the requests so that Google refrains from returning > -----------------------------> Why can't TLS proxy do it ( anyways I thought > the browser or the user decides it but even if lets its company policy and > proxy does it for all the request) Just trying to understand...... It would require deciphering the stream, sending a fake certificate pretending to be the real server. Some proxies do this right now, this is one of the ugly tricks we're seeing more and more and that a number of people want to see disappear in favor of a user choice of letting the proxy analyze the contents (the principle of the GET https://). Also if you've read this thread, having a proxy tamper your request in HTTPS without you being aware of it is quite contrary to the directions being taken :-) Regards, Willy
Received on Thursday, 19 July 2012 10:23:33 UTC