- From: Sam Pullara <spullara@gmail.com>
- Date: Tue, 2 Jul 2013 10:44:01 -0700
- To: HTTP Working Group <ietf-http-wg@w3.org>
On Jul 2, 2013, at 10:36 AM, David Morris <dwm@xpasc.com> wrote: > Reverse proxies are invisible to the client. Any trust issue is the same > whether one connection or multiple connections are used when traffic > ends up at the reverse proxy. > > There is a fundamental flaw in the orgin server security, if you can > trust the server to deliver the original resource but can't trust it > to deliver any pushed content referenced by that page. After all, if > the server owner wants to break trust, it can just rewrite all the > URLs in the base resource to refrence itself and then proxy the > content which isn't local. Browsers associate security with the origin server. If I can serve content from an arbitrary origin that is a problem without trust. Rewriting the URLs with a different origin solves this problem and thus is not an issue. > > If we feel there is a security requirement here, it should be along > the lines of: > > The host name specified in a PUSH_PROMISE must have a DNS entry > which includes the IP address of server sending the PUSH_PROMISE. This would allow one domain on a VPS serve content for any other domain on a VPS. Sam > > This doesn't apply to visible proxies. >
Received on Tuesday, 2 July 2013 17:44:30 UTC