Changeset 1744 for draft-ietf-httpbis/latest
- Timestamp: 09/07/12 01:54:55 (10 years ago)
- Location: draft-ietf-httpbis/latest
- Files: 2 edited
draft-ietf-httpbis/latest/p1-messaging.html
r1742 r1744 915 915 when transport-layer security is used to establish private communication through a shared firewall proxy. 916 916 </p> 917 <p id="rfc.section.2.3.p.10"><span id="rfc.iref.i.3"></span> <span id="rfc.iref.t.3"></span> <span id="rfc.iref.c.3"></span> In addition, there might exist network intermediaries that are not considered part of the HTTP communication but nevertheless918 act as filters or redirecting agents (usually violating HTTP semantics, causing security problems, and otherwise making a919 mess of things). Such a network intermediary, often referred to as an "<dfn>interception proxy</dfn>" <a href="#RFC3040" id="rfc.xref.RFC3040.1"><cite title="Internet Web Replication and Caching Taxonomy">[RFC3040]</cite></a>, "<dfn>transparent proxy</dfn>" <a href="#RFC1919" id="rfc.xref.RFC1919.1"><cite title="Classical versus Transparent IP Proxies">[RFC1919]</cite></a>, or "<dfn>captive portal</dfn>", differs from an HTTP proxy because it has not been selected by the client. Instead, the network intermediary redirects920 outgoing TCP port 80 packets (and occasionally other common port traffic) to an internal HTTP server. Interception proxies921 are commonly found on public network access points, as a means of enforcing account subscription prior to allowing use of922 n on-local Internet services, and within corporate firewalls to enforce network usage policies. They are indistinguishable923 from a man-in-the-middle attack.917 <p id="rfc.section.2.3.p.10"><span id="rfc.iref.i.3"></span> <span id="rfc.iref.t.3"></span> <span id="rfc.iref.c.3"></span> The above categories for intermediary only consider those acting as participants in the HTTP communication. There are also 918 intermediaries that can act on lower layers of the network protocol stack, filtering or redirecting HTTP traffic without the 919 knowledge or permission of message senders. 
Network intermediaries often introduce security flaws or interoperability problems 920 by violating HTTP semantics. For example, an "<dfn>interception proxy</dfn>" <a href="#RFC3040" id="rfc.xref.RFC3040.1"><cite title="Internet Web Replication and Caching Taxonomy">[RFC3040]</cite></a> (also commonly known as a "<dfn>transparent proxy</dfn>" <a href="#RFC1919" id="rfc.xref.RFC1919.1"><cite title="Classical versus Transparent IP Proxies">[RFC1919]</cite></a> or "<dfn>captive portal</dfn>") differs from an HTTP proxy because it is not selected by the client. Instead, an interception proxy filters or redirects 921 outgoing TCP port 80 packets (and occasionally other common port traffic). Interception proxies are commonly found on public 922 network access points, as a means of enforcing account subscription prior to allowing use of non-local Internet services, 923 and within corporate firewalls to enforce network usage policies. They are indistinguishable from a man-in-the-middle attack. 924 924 </p> 925 925 <p id="rfc.section.2.3.p.11">HTTP is defined as a stateless protocol, meaning that each request message can be understood in isolation. Many implementations -
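Review bot: The new sentence "Instead, an interception proxy filters or redirects outgoing TCP port 80 packets (and occasionally other common port traffic)" no longer says where the redirected traffic ends up, because the removed text's "to an internal HTTP server" has no replacement. Without a destination, the closing claim that these proxies "are indistinguishable from a man-in-the-middle attack" loses its supporting step. Suggest restoring an object for "redirects", for example that the packets are delivered to a server other than the one the client addressed, so the reader sees why the client cannot tell the two cases apart.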
draft-ietf-httpbis/latest/p1-messaging.xml
r1742 r1744 519 519 through a shared firewall proxy. 520 520 </t> 521 <t><iref primary="true" item="interception proxy"/><iref primary="true" item="transparent proxy"/> 521 <t><iref primary="true" item="interception proxy"/> 522 <iref primary="true" item="transparent proxy"/> 522 523 <iref primary="true" item="captive portal"/> 523 In addition, there might exist network intermediaries that are not 524 considered part of the HTTP communication but nevertheless act as 525 filters or redirecting agents (usually violating HTTP semantics, 526 causing security problems, and otherwise making a mess of things). 527 Such a network intermediary, often referred to as an "<x:dfn>interception proxy</x:dfn>" 528 <xref target="RFC3040"/>, "<x:dfn>transparent proxy</x:dfn>" <xref target="RFC1919"/>, 529 or "<x:dfn>captive portal</x:dfn>", 530 differs from an HTTP proxy because it has not been selected by the client. 531 Instead, the network intermediary redirects outgoing TCP port 80 packets 532 (and occasionally other common port traffic) to an internal HTTP server. 524 The above categories for intermediary only consider those acting as 525 participants in the HTTP communication. There are also intermediaries 526 that can act on lower layers of the network protocol stack, filtering or 527 redirecting HTTP traffic without the knowledge or permission of message 528 senders. Network intermediaries often introduce security flaws or 529 interoperability problems by violating HTTP semantics. For example, an 530 "<x:dfn>interception proxy</x:dfn>" <xref target="RFC3040"/> (also commonly 531 known as a "<x:dfn>transparent proxy</x:dfn>" <xref target="RFC1919"/> or 532 "<x:dfn>captive portal</x:dfn>") 533 differs from an HTTP proxy because it is not selected by the client. 534 Instead, an interception proxy filters or redirects outgoing TCP port 80 535 packets (and occasionally other common port traffic). 
533 536 Interception proxies are commonly found on public network access points, 534 537 as a means of enforcing account subscription prior to allowing use of
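Review bot: "Network intermediaries often introduce security flaws or interoperability problems" uses "Network intermediaries" as if it were already defined, but the sentence before it only speaks of "intermediaries that can act on lower layers of the network protocol stack", and the removed text was where the term was introduced. Either tie the two together ("Such network intermediaries ...") or name the term in the preceding sentence, so it is clear the security claim is about the lower-layer intermediaries and not about the proxies, gateways and tunnels described above. The opening "The above categories for intermediary only consider those acting as participants" would also read more precisely as "The above categories of intermediary consider only those acting as participants".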