Re: Fwd: New Version Notification for draft-nottingham-http2-encryption-03.txt

From: Martin Thomson <martin.thomson@gmail.com>
Date: Tue, 27 May 2014 10:20:28 -0700
Message-ID: <CABkgnnWMWsVSD6sZiZn=hJe8OpBKw1hycQe6jUd9Q2tW3Mitaw@mail.gmail.com>
To: Martin Nilsson <nilsson@opera.com>
Cc: HTTP Working Group <ietf-http-wg@w3.org>

On 26 May 2014 17:08, Martin Nilsson <nilsson@opera.com> wrote:
> #2 As a transparent proxy you could observe a client make a request, get a
> response lacking alt-svc, and inject one to get the client to connect
> through TLS to the proxy (given client support). The proxy needs a way to
> distinguish between these TLS connections and "real" (opportunistic or
> https-initiated) TLS connections from the client, which currently can only
> be done by picking a different port that is unlikely (or probed not) to be in
> use. It would mess with alt-svc caching however.

I think that the decision so far has been to keep proxy use orthogonal
to its operation.

Yes, as defined, a transparent proxy could opportunistically upgrade
either (or both) links that it maintains.  It won't be able to make
this situation more permanent though; that would enable a DoS attack.

Received on Tuesday, 27 May 2014 17:20:55 UTC
