Re: HTTP 2.0 mandatory security vs. Amateur Radio

Le Ven 15 novembre 2013 07:47, Willy Tarreau a écrit :

> The CONNECT method is used to open tunnels through proxies and all proxy
> users who browse in HTTPS use it.

Which makes it a security nightmare, since its allows tunneling any
protocol without control and there are products on the market that
advertise the ability of using connect to bypass any firewall rule.

Thus I resent pretending that connect makes http reliable since it main
point today seems to be to tunnel random non-http junk through security

(and I know any encrypted payload by nature can not be controlled but
there is a difference between accepting encrypted bodies inside http
frames with http signalling and tunnelling whole protocols pretty much

Nicolas Mailhot

Received on Friday, 15 November 2013 07:07:51 UTC