- From: Nicolas Mailhot <nicolas.mailhot@laposte.net>
- Date: Thu, 14 Nov 2013 12:38:30 +0100
- To: "James M Snell" <jasnell@gmail.com>
- Cc: "Nicolas Mailhot" <nicolas.mailhot@laposte.net>, "Mike Bishop" <michael.bishop@microsoft.com>, "HTTP Working Group" <ietf-http-wg@w3.org>

On Tue, 12 November 2013 17:43, James M Snell wrote:

> Content filtering is a different matter entirely, and usually happens
> in a way that is content-sensitive.

I like "usually". The truth is that outside advertisers, the NSA and Hollywood movies, the amount of content analysis done out there is very minimal. There is known safe stuff, known unsafe stuff, a lot of probably safe stuff, and weird-stuff-we-dont-have-time-to-analyse-that-we-will-drop-for-now.

What I'm sure of is that any part of the spec with "use this if you want to avoid filtering" is certain to be abused sooner rather than later. Just like port 443 and https encapsulation have been abused widely as soon as it became clear it avoided lots of controls.

> The kind of "silent dropping"
> that's being discussed here is indiscriminate, with no consideration
> being given to the frame content. The fact of the matter is that
> silently dropping end-to-end frames without understanding why they've
> been transmitted is extremely dangerous.

So is "blindly accept what you don't know". No security professional will sign on such a proposal, since he has to justify why he let dangerous traffic pass in case of incident.

--
Nicolas Mailhot

Received on Thursday, 14 November 2013 11:39:01 UTC