IPP> RE: Implications of introducing new scheme and port for existing

IPP> RE: Implications of introducing new scheme and port for existing

Vinod Valloppillil vinodv at exchange.microsoft.com
Tue Jun 2 11:15:39 EDT 1998 

Rob's argument is broadly correct -- as a long term firewall design issue,
method inspection (and occasionally payload inspection) will become the
rule.


However, as a small carrot to today's protocol designers, the vast majority
of the installed base of firewalls do no method / payload inspection on HTTP
data being passed through.   Purely from the perspective of 'reach' there's
no impediment to IPP using it's own method in the short run.


> -----Original Message-----
> From:	Rob Polansky [SMTP:polansky at raptor.com]
> Sent:	Tuesday, June 02, 1998 6:06 AM
> To:	David W. Morris
> Cc:	http-wg; ipp at pwg.org
> Subject:	RE: Implications of introducing new scheme and port for
> existing  HTTP servers
> 
> I know of at least one :-) firewall that not only rejects unknown methods
> but also examines the HTTP request method as part of its "algorithm". From
> a
> protocol and security perspective, it appears to be the right thing to do.
> If you don't understand the method, how can you properly proxy it? Take
> the
> CONNECT method as an example.
> 
> In summary, any proxy that is more than a simple packet passer (supports
> CONNECT, protocol conversion, proxy authentication, etc.) runs the risk of
> failing to pass IPP if it uses a new scheme and/or a new method. Not that
> that's a bad thing... :-)
> 
> -Rob Polansky
> 
> > -----Original Message-----
> > From: David W. Morris [mailto:dwm at xpasc.com]
> > Sent: Monday, June 01, 1998 10:34 PM
> > To: Carl-Uno Manros
> > Cc: http-wg at cuckoo.hpl.hp.com; ipp at pwg.org; http-wg at hplb.hpl.hp.com
> > Subject: Re: Implications of introducing new scheme and port for
> > existing HTTP servers
> >
> > (I'm also not wild about new HTTP methods as I know of existing proxies
> > which will reject unknown methods. Don't know of any which will accept
> > unknown methods. I'm also unaware of any firewall software which
> examines
> > the HTTP request method as part of its algorithm but then I'm not a
> > firewall expert.)
> >

More information about the Ipp mailing list
Our website uses cookies on your device to give you the best user experience. By using our website, you agree to the placement of these cookies. To learn more, read our privacy policy. Read Privacy Policy