On Tue, Sep 06, 2011 at 10:05:48PM +0100, Stephen Farrell wrote: > > Hi Richard, > > On 09/06/2011 06:57 PM, Richard L. Barnes wrote: > >IMO, this is a pretty strong argument against masking, given how low the > >observed rate of buggy intermediaries is (~0.0017%) and how high the > >observed rate of malware propagation is. > > > I'm not sure what you're comparing there. Can you elaborate? > > In fact, I'm not sure I get the malware argument. Malware > authors are also free to obfuscate or mask their stuff, > when both sides of the conversation but not the intermediaries > are controlled as would be the case here. Or maybe I'm > missing something? No you're not missing anything, some malware even communicate via micro-messaging such as twitter nowadays, this is plain valid HTTP ! > I personally think the masking thing is pretty ugly. But I > have to (reluctantly) admit I think it does what its > supposed to do. At this stage I think it comes down to > either doing the masking or not using port 80. Indeed. Also the masking is optional in the protocol but defined as mandatory in clients. So some special applications might very well not implement it at all and some day it's very likely that we'll get rid of it by default, just like the web doesn't work well if you omit to post a Host header today. Regards, Willy _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf