RE: LYNX-DEV two curiosities from IETF HTTP session.

[Jim Gettys]

>  From: Yaron Goland <address@hidden>
>  Date: Fri, 12 Dec 1997 08:03:06 -0800
>  To: "'address@hidden'" <address@hidden>
>  Cc: Josh Cohen <address@hidden>,
>          Foteos Macrides
>        <address@hidden>, address@hidden,
>          address@hidden
>  Subject: RE: LYNX-DEV two curiosities from IETF HTTP session.
>  
>  It is still an attack as the origin server, if it has not been
>  authenticated, is just some random server. To remind folks of the problems
>  with click tracking and cookies, a bunch of servers could choose to have
>  requests to them redirected to indicated proxies where advertising and other
>  information will be inserted as needed. This very effectively gets around
>  cookie issues.
>       Yaron
>  

I sense further confusion on this topic....

If you've contacted an origin server, and it redirects you, the
server it has redirected you to is equally the origin server, from
the point of view of trust (i.e. the origin server shouldn't have
done the redirect in the first place if the second server isn't trustworthy).
The second server is fully as authoritative as the first, in terms
of any trust or threat problems.

And if you can't trust your proxy, you have bigger problems to worry about.

So 305 does not introduce the kinds of threats that the 306 proposal did.

To remind you of 306's proposed semantics, it was to redirect you for
this AND SUBSEQUENT REQUESTS, to use a proxy; this is what introduced
the security problem, as the subsequent requests could be sent to
a proxy you had not delegated trust to.

Hope this clarifies things.
                                        - Jim

                                        
--
Jim Gettys
Industry Standards and Consortia
Digital Equipment Corporation
Visting Scientist, World Wide Web Consortium, M.I.T.
http://www.w3.org/People/Gettys/
address@hidden, address@hidden