Re: Headers modified along the way against user (non) choices

On Nov 10, 2011, at 3:25 , Karl Dubost wrote:

>  And a proxy can still modify it on the way back too.


Plenty of proxies and other intermediates 'innocently' delete or otherwise mangle headers.  We need to recognize this and handle it gracefully.

We don't need to handle deliberately malicious proxies that modify both the request and the response, to make it appear to the user that the state is one thing, when the state at the server is another.  Indeed, without signatures, encryption, end-to-end stuff and a lot of heavy mechanism, we can't.


David Singer
Multimedia and Software Standards, Apple Inc.

Received on Thursday, 10 November 2011 03:52:49 UTC