> I think the security section misses a comment on 'open' proxies.
> Probably one of the most common issue on abusing caching proxies today,
> this should go into the Authentication section, since obviously
> a proxy here hides the client's IP address from the server,
> and makes it more difficult to trace the attacker.
It is an issue, but is it an issue with replication and caching, or is
it a generic proxy issue? I decided to leave it out, as it is proxy
related and adding caching does not change the picture
> Somehow related would be also implications on IP based authentication,
> however I'm not sure if this fits into the security section at all ?
When you do IP based authentication at the server,
you assume that the end-to-end properties of the Internet are intact;
and you assume that you are connecting client-server (not
proxy-server). This is another of the cases where proxies and security
have fun.
The thing to do would probably be to add a clarification that generic
proxy security issues are not covered.
Ingrid
This archive was generated by hypermail 2b29 : Thu Nov 18 2004 - 11:21:27 MST