- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Fri, 17 Jan 2014 11:28:48 +0100
- To: Nicolas Mailhot <nicolas.mailhot@laposte.net>
- CC: Gabriel Montenegro <gabriel.montenegro@microsoft.com>, Zhong Yu <zhong.j.yu@gmail.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>, Osama Mazahir <osamam@microsoft.com>, Dave Thaler <dthaler@microsoft.com>, Mike Bishop <michael.bishop@microsoft.com>, Matthew Cox <macox@microsoft.com>
On 2014-01-17 11:18, Nicolas Mailhot wrote: > > Le Jeu 16 janvier 2014 22:32, Julian Reschke a écrit : > >> A proxy does not need to normalize. Full stop. There is no issue here, > > A security proxy does need to normalize. Full stop. Otherwise malware can > trivially bypass security blocks by fuzzing encoding enough the proxy does > not realize anymore the block needs to be applied. Are you talking about normalization beyond removing unneeded percent-escapes? Best regards, Julian
Received on Friday, 17 January 2014 10:29:21 UTC