Changeset 1108 for draft-ietf-httpbis/latest

Timestamp:

09/02/11 01:13:40 (11 years ago)

Author:

fielding@…

Message:

Refine definition of interception proxy and add references to
RFC1919 and RFC3040.

Addresses #210

File:

• draft-ietf-httpbis/latest/p1-messaging.xml (modified) (4 diffs)

draft-ietf-httpbis/latest/p1-messaging.xml

@@ -691 +691 @@
 <iref primary="true" item="transforming proxy"/>
 <iref primary="true" item="non-transforming proxy"/>
-   An HTTP-to-HTTP proxy is called a "transforming proxy" if it designed
+   An HTTP-to-HTTP proxy is called a "transforming proxy" if it is designed
    or configured to modify request or response messages in a semantically
    meaningful way (i.e., modifications, beyond those required by normal
@@ -732 +732 @@
    through a shared firewall proxy.
 </t>
-<t><iref primary="true" item="intercept"/><iref primary="true" item="transparent proxy"/>
+<t><iref primary="true" item="interception proxy"/><iref primary="true" item="transparent proxy"/>
    In addition, there may exist network intermediaries that are not
    considered part of the HTTP communication but nevertheless act as
    filters or redirecting agents (usually violating HTTP semantics,
    causing security problems, and otherwise making a mess of things).
-   These network intermediaries are often referred to as "intercepts"
-   or "transparent proxies", and are commonly found on public network
-   access points as a means of enforcing account subscription prior to
-   allowing use of non-local Internet services.
+   Such a network intermediary, referred to as an "interception proxy"
+   <xref target="RFC3040"/> or "transparent proxy" <xref target="RFC1919"/>,
+   differs from an HTTP proxy because it has not been selected by the client.
+   Instead, the network intermediary redirects outgoing TCP port 80 packets
+   (and occasionally other common port traffic) to an internal HTTP server.
+   Interception proxies are commonly found on public network access points
+   as a means of enforcing account subscription prior to allowing use of
+   non-local Internet services.  They are indistinguishable from a
+   man-in-the-middle attack.
 </t>
 </section>
@@ -4341 +4346 @@
 </reference>
 
+<reference anchor='RFC1919'>
+  <front>
+    <title>Classical versus Transparent IP Proxies</title>
+    <author initials='M.' surname='Chatel' fullname='Marc Chatel'>
+      <organization />
+      <address><email>mchatel@pax.eunet.ch</email></address>
+    </author>
+    <date year='1996' month='March' />
+  </front>
+  <seriesInfo name='RFC' value='1919' />
+</reference>
+
 <reference anchor="RFC1945">
   <front>
@@ -4535 +4552 @@
   </front>
   <seriesInfo name='RFC' value='2965' />
+</reference>
+
+<reference anchor='RFC3040'>
+  <front>
+    <title>Internet Web Replication and Caching Taxonomy</title>
+    <author initials='I.' surname='Cooper' fullname='I. Cooper'>
+      <organization>Equinix, Inc.</organization>
+    </author>
+    <author initials='I.' surname='Melve' fullname='I. Melve'>
+      <organization>UNINETT</organization>
+    </author>
+    <author initials='G.' surname='Tomlinson' fullname='G. Tomlinson'>
+      <organization>CacheFlow Inc.</organization>
+    </author>
+    <date year='2001' month='January' />
+  </front>
+  <seriesInfo name='RFC' value='3040' />
 </reference>