- From: Roland Zink <roland@zinks.de>
- Date: Wed, 24 Jun 2015 12:54:08 +0200
- To: ietf-http-wg@w3.org
Received on Wednesday, 24 June 2015 10:54:32 UTC
On 24.06.2015 12:03, Adrien de Croy wrote:
>
> I think the problem scenario is the active network attacker between
> the client and the proxy.
>
> Since the client to proxy connection is not secured, the attacker can
> send anything back they like (including a 200 OK, but connect to
> something else or not).
This needs to be changed, although some browsers already support secure
connections to the proxy. Chrome can do secure connections to the proxy
when given HTTPS instruction (instead of PROXY) in a PAC file. Anybody
know if it will display error messages from the proxy then?
Roland
function FindProxyForURL(url, host) {
return "HTTPS proxy.com:7128";
}
Received on Wednesday, 24 June 2015 10:54:32 UTC