In a previous episode Benjamin Lee said...
::
::
:: yeah i must say, transparent proxying was a great invention!
::
:: except (of course) that it won't work if the proxy puter ain't sitting
:: between the clients and the rest of the net! ;-) oh well, can't have a
:: cake and eat it too eh?
and except (of course) that it breaks end2end security things like
IPSec
and except (of course) that network transparent proxying is really a
polite term for IP hijacking
and except (of course) that network transparent proxies can break
caching schemes because a HTTP stream to proxy is not the same as an
HTTP stream to an origin server and you may not get the most out of
your browser that you would if you didn't lie to it and it may violate
privacy policies that would not happen if it was an announced proxy.
and except (of course) that network transparent proxies can inhibit
new METHOD migration and end up operating as defacto firewalls..
none of these things are a problem with explicit l7 aware proxies.
the *only* good thing about network transparent proxies is that they
require zero client configuration.. clearly a laudable thing. but
something from the WPAD genre can do that job much much much
better.. HTTP is defined hop to hop at level 7.. trying to run it end
to end and then peak in between protocol levels to achieve the same
thing is guaranteed to break far more often as the levels can't scale
to maintain appropriate context and independence (which we're already
seeing)..
-P
Received on Mon Aug 30 1999 - 17:06:02 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:48:08 MST