Re: MITM and proxy messages [was: Call for Adoption: draft-song-dns-wireformat-http]

On 07.08.2016 21:07, Kari hurtta wrote:
> Yes, content was
> | In our customer base, the biggest driver to deploy MitM is the refusal
> | of browsers to display block pages from denied CONNECT requests.
> does not require MITM.
of course not; and the result will be the same ...
> That can be show when CONNECT fails and tunneled TLS
> is not established.
not really; when the proxy refuse connections without MITM, then the 
result the proxy replies is nearly the same
and the result the browser does also ...

when the agent is too stupid to present this

HTTP/1.1 403 Forbidden
Content-Type: text/html
Cache-Control: no-cache

<META  HTTP-EQUIV="Content-Type"CONTENT="text/html; charset=iso-8859-1">
<TITLE>Policy Violation</TITLE>
<H1>Policy Violation</H1>
<LI>This content is above your pay grade.<A HREF=""  <>>More Info</A>.
<ADDRESS>Acme Networks Proxy</ADDRESS>

it won't present this:

     HTTP/1.1 403 Forbidden
     Content-Type: application/proxy-explanation+json
     Cache-Control: no-cache

       "name": "Acme Networks"
       "title": "Policy Violation"
       "description": "This content is above your pay grade."
       "moreinfo": ""


no difference;

the error the proxy replies could also be the following:

     HTTP/1.1 403 Forbidden
     Content-Type: text/plain
     Cache-Control: no-cache

     Acme Networks Proxy says: "Policy Violation"
     Because: This content is above your pay grade.
     For more informations see:


Received on Sunday, 7 August 2016 20:06:38 UTC