- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Tue, 27 May 2014 10:20:28 -0700
- To: Martin Nilsson <nilsson@opera.com>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>
On 26 May 2014 17:08, Martin Nilsson <nilsson@opera.com> wrote:
> #2 As a transparent proxy you could observe a client make a request, get a
> response lacking alt-svc, and inject one to get the client to connect
> through TLS to the proxy (given client support). The proxy needs a way to
> distinguish between these TLS connections and "real" (opportunistic or
> https-initiated) TLS connections from the client, which currently can only
> be done by picking a different port that is unlikely (or probed not) to be in
> use. It would mess with alt-svc caching however.

I think that the decision so far has been to keep proxy use orthogonal to its operation.

Yes, as defined, a transparent proxy could opportunistically upgrade either (or both) links that it maintains. It won't be able to make this situation more permanent though, that would enable a DoS attack.
Received on Tuesday, 27 May 2014 17:20:55 UTC