Re: MITM and proxy messages [was: Call for Adoption: draft-song-dns-wireformat-http]

On 07.08.2016 19:50, Kari hurtta wrote:
>> configured proxies are not the bug; why not just simpy use plain HTML?
>> your sample chould then just be this simple:
>> HTTP/1.1 403 Forbidden
>> Content-Type: text/html
>> Cache-Control: no-cache
>> <HTML>
> Major browsers do not show this when they get
> that on response of CONNECT -request.
which in fact is caused by something different - my MITM proxy generates 
errors that are shown by my browser;
and these errors are simple HTML

a MITM proxy uses a certificate for signing sites ...

e.g. the proxy uses a certificate called  Proxy-CA, then for every site 
you want to go to there will be a created a SSL certificate which is 
signed by Proxy-CA;
if the Proxy-CA was signed by a CA that is a built in token in the 
certstore of your browser or you have installed the Proxy-CA certificate 
in the certstore yourself, then your browser will show this simple HTML 
error page the proxy is sending;

> Bug 637619 - Display better error messages when HTTPS proxy servers return non-200 error codes
this is not really bug - it was filed at the times the browser (firefox) 
starts warning for invalid or self signed certificates ...
with mnot's "solution" ths would be same;

so where is the advantage of this?

Received on Sunday, 7 August 2016 18:57:08 UTC