- From: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Date: Tue, 03 Jul 2018 11:30:21 +0000
- To: Mark Nottingham <mnot@mnot.net>
- cc: HTTP Working Group <ietf-http-wg@w3.org>, "Ludin, Stephen" <sludin@akamai.com>, Nick Sullivan <nick@cloudflare.com>
--------
In message <61558315-BD09-4B11-A7DB-E2B6AF34028A@mnot.net>, Mark Nottingham writes:

>The problem with something like Max-Forwards is that it requires all
>participants to actively process it. CDN-Loop works because I can insert
>my token and look for it in requests; if it appears, I know there's some
>sort of loop.

As long as nobody in the loop removes the header, it will eventually
do its job if just one proxy in the loop decrements and tests it for zero.

A header which exposes the layering of the full sandwich is at the very
least worrisome from a security point of view.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
Received on Tuesday, 3 July 2018 11:30:48 UTC
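
The two loop-detection approaches discussed in this message, as an added simulation that is not part of the original message or of any CDN's code. The ring topology, the function names, the tokens cdn-a and cdn-b, and the simplified hop-counter handling of Max-Forwards are all assumptions made for illustration.

```python
# Constructed model: a request circulating through a ring of proxies.
def run_loop(ring, headers, max_hops=1000):
    """Forward around `ring` until a proxy stops the request.
    Returns (stopping proxy name or None, hops taken, final headers)."""
    headers = dict(headers)
    for hop in range(max_hops):
        proxy = ring[hop % len(ring)]
        if proxy(headers) == "stop":
            return proxy.__name__, hop + 1, headers
    return None, max_hops, headers

def passthrough(headers):
    # Forwards every header untouched and processes none of them.
    return "forward"

def decrementer(headers):
    # The one participant that decrements the counter and tests it for zero.
    if "Max-Forwards" in headers:
        remaining = int(headers["Max-Forwards"])
        if remaining == 0:
            return "stop"
        headers["Max-Forwards"] = str(remaining - 1)
    return "forward"

def make_cdn(token):
    # A CDN that inserts its own token and looks for it on later requests.
    def cdn(headers):
        raw = headers.get("CDN-Loop", "")
        seen = [t.strip() for t in raw.split(",") if t.strip()]
        if token in seen:
            return "stop"
        headers["CDN-Loop"] = ", ".join(seen + [token])
        return "forward"
    cdn.__name__ = token
    return cdn

if __name__ == "__main__":
    # One decrementing proxy among pass-through proxies ends the loop.
    print(run_loop([passthrough, decrementer, passthrough],
                   {"Max-Forwards": "3"}))
    # Token matching ends the loop on the second visit to cdn-a; the
    # header it leaves behind names every layer the request crossed.
    print(run_loop([make_cdn("cdn-a"), passthrough, make_cdn("cdn-b")], {}))
```

The CDN-Loop run stops sooner, but its final header value lists each participating layer in order, which is the exposure the message objects to; the counter run reveals only a number.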