Jul 8, 2012, 6:54:55 PM (7 years ago)

we know they exist, so reword section on lower-level network intermediaries

1 edited


  • draft-ietf-httpbis/latest/p1-messaging.xml

    r1742 r1744  
    519519   through a shared firewall proxy.
    521 <t><iref primary="true" item="interception proxy"/><iref primary="true" item="transparent proxy"/>
     521<t><iref primary="true" item="interception proxy"/>
     522<iref primary="true" item="transparent proxy"/>
    522523<iref primary="true" item="captive portal"/>
    523    In addition, there might exist network intermediaries that are not
    524    considered part of the HTTP communication but nevertheless act as
    525    filters or redirecting agents (usually violating HTTP semantics,
    526    causing security problems, and otherwise making a mess of things).
    527    Such a network intermediary, often referred to as an "<x:dfn>interception proxy</x:dfn>"
    528    <xref target="RFC3040"/>, "<x:dfn>transparent proxy</x:dfn>" <xref target="RFC1919"/>,
    529    or "<x:dfn>captive portal</x:dfn>",
    530    differs from an HTTP proxy because it has not been selected by the client.
    531    Instead, the network intermediary redirects outgoing TCP port 80 packets
    532    (and occasionally other common port traffic) to an internal HTTP server.
     524   The above categories for intermediary only consider those acting as
     525   participants in the HTTP communication.  There are also intermediaries
     526   that can act on lower layers of the network protocol stack, filtering or
     527   redirecting HTTP traffic without the knowledge or permission of message
     528   senders. Network intermediaries often introduce security flaws or
     529   interoperability problems by violating HTTP semantics.  For example, an
     530   "<x:dfn>interception proxy</x:dfn>" <xref target="RFC3040"/> (also commonly
     531   known as a "<x:dfn>transparent proxy</x:dfn>" <xref target="RFC1919"/> or
     532   "<x:dfn>captive portal</x:dfn>")
     533   differs from an HTTP proxy because it is not selected by the client.
     534   Instead, an interception proxy filters or redirects outgoing TCP port 80
     535   packets (and occasionally other common port traffic).
    533536   Interception proxies are commonly found on public network access points,
    534537   as a means of enforcing account subscription prior to allowing use of
Note: See TracChangeset for help on using the changeset viewer.