Re: Hello from Mozilla

From: Ian Hickson <ian_at_hixie.ch>
Date: Wed, 15 Jul 2009 07:34:02 +0000 (UTC)

On Wed, 15 Jul 2009, Mark Nottingham wrote:
>
> Upgrade is hop-by-hop, so it's pretty limiting.

Do man-in-the-middle proxies count as a hop for the purposes of HTTP? As
far as I can tell from the HTTP spec, the client is supposed to know
whether it is speaking to a proxy or not, so man-in-the-middle proxies
don't affect the hop-by-hop semantics... but it's not entirely clear.

> Ian, an example:
>
> An intermediary (transparent, intercepting or whatever) can and often
> does add arbitrary headers; e.g., x-forwarded-for. This is completely
> legal in HTTP, where headers that are not understood are ignored, and
> additionally several headers have provisions to change values in headers
> as well (e.g., transfer-encoding, te, via, connection).
>
> They're also allowed to change the formatting of the message; e.g.,
> re-wrap headers, normalise whitespace.

Sure, but that's why we have the TLS-over-port-443 option. In the cases
where there is uncooperative network infrastructure, the client can just
switch to that, and then there's no way the connection can be affected.

> Specifying a bit-for bit handshake is incredibly fragile.

Not doing so is unacceptably insecure for this use case, IMHO. We can't
run the risk of Web pages hitting SMTP servers and sending spam, or poking
at intranet servers, or who knows what else.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Wed Jul 15 2009 - 07:34:05 MDT

This archive was generated by hypermail 2.2.0 : Thu Jul 16 2009 - 12:00:05 MDT