RFC 3620:The TUNNEL Profile
RFC-Ref

A - B - C - D - E - F - G - H - I - L - M - N - O - P - R - S - T - U - V - W - X

proxy

Click on the red underlined text to get to the source

1. Rationale
... destination that it is, indeed, the final destination. The term "proxy" is used to refer any of the BEEP peers other than the initiator ...
... the firewall makes a connection to the proxy, then ask that proxy to make a connection ...
... firewall makes a connection to the proxy, then ask that proxy to make a connection to an endpoint ...
... firewall. Once this connection is established, the proxy tells the outside endpoint that it will be tunneling ...
... endpoint that it will be tunneling. If the outside machine agrees, the proxy "gets out of the way," simply passing octets transparently, and both the initiating and terminating machines perform a "tuning reset," not ...
... user identity negotiated via SASL. For example, a manager may connect to a proxy, authenticate herself with SASL, ...
... authenticate herself with SASL, then instruct the proxy to tunnel to an information service ...
... tunnel to an information service restricted to managers. Since each proxy knows the identity of the next proxy ...
... proxy knows the identity of the next proxy being requested, it can refuse to tunnel connections if ...
... Once both endpoint machines are connected, the tunneling proxy machine does no further interpretation of the data. In particular, it does not look for any BEEP ...
... certificates appropriate to the endpoints rather than the proxy, with the assurance that even the proxy cannot access the information ...
... endpoints rather than the proxy, with the assurance that even the proxy cannot access the information exchanged. ...


2. Examples
... A simple one-hop connection through a single proxy is illustrated first. ...
... The second example shows the initiator connecting to its proxy, that proxy connecting to another, and finally that second proxy ...
... initiator connecting to its proxy, that proxy connecting to another, and finally that second proxy finding a service ...
... proxy, that proxy connecting to another, and finally that second proxy finding a service outside. ...
... The third example shows the initiator connecting through two proxys, the second proxy attempting to connect to the specified service and finding the destination ...
... This example shows the initiator connecting through two proxys, the second proxy attempting to connect to the specified service and accepting that the destination ...
... include the innermost "tunnel" element, and the final proxy ("proxy2") therefore does not expect a BEEP greeting. ...
... element. [3] Each proxy starts transparently forwarding octets after this <ok>. ...
... <ok>. [4] Each proxy forwards any data it received from the final host, even if that data arrived before the <ok> was sent. ...


3. Message Syntax
... The format of the "fqdn" attribute is a fully qualified domain name, such as "proxy.example.com". The format of the "ip4" attribute is four sets of decimal numbers separated by periods, such as "10.23.34.45". The format of the "ip6" attribute is as specified in ...


4. Message Semantics
... profile" attribute, then it must have no nested elements. The proxy processing this element is responsible for determining the appropriate routing ...
... endpoint" attribute, then it must have no nested elements. The proxy processing this element is responsible for determining the appropriate routing ...
... RPY carrying the "ok" element, the proxy begins copying octets directly and without any interpretation between the two underlying transport connections. ...
... element is sent to start the next hop. In this case, the peer is considered a "proxy" (meaning that the next paragraph is applicable). ...
... the next paragraph is applicable). Once the proxy has passed the "tunnel" element on the TUNNEL ...
... RPY carrying the "ok" element, the proxy begins copying octets directly and without any interpretation between the two underlying transport connections ...


6. Reply Codes
... 421 Service not available (E.g., the proxy does not have sufficient resources.) 450 Requested action not taken ...


7. Security Considerations
... limit the hosts and services that a proxy is allowed to contact. It is also reasonable to limit the use of the TUNNEL profile to ...
... certificates are properly configured during the negotiation. The proxy could mount a "man in the middle" attack if public key infrastructure ...
... connection to the firewall proxy, with an innermost "profile" or "endpoint ...
... "endpoint" attribute which the firewall proxy understands. Local provisioning can allow a proxy to translate a particular "profile ...
... firewall proxy understands. Local provisioning can allow a proxy to translate a particular "profile" or "endpoint ...
... indication of whether the queried machine exists. For this attack to be prevented, the proxy must allow only "profile" or "endpoint" ...

A - B - C - D - E - F - G - H - I - L - M - N - O - P - R - S - T - U - V - W - X

Google
Web
RFC-Ref
RFC-Ref.org
Frontpage
Global Index
RFC
Sister Sites
Chess-Ref.org
Law-Ref.org
InChI.info
Zvon.org