On 7/16/17 7:55 AM, Salz, Rich wrote:
> I am not offended.  I am saying that if it terminates the connection it
> is an endpoint not a middlebox.

Well, maybe.  That's certainly the general understanding of middleboxes
(i.e., that they are not directly addressed [well, NATs, but] and
that they don't terminate traffic) but even way back when we did the
original midcom work and produced 3234 (hard to believe it's been 15
years) there was some mushiness around transparency being a requirement
for being considered a middlebox.  For example, from 3234:

   Note that HTTP proxies do in fact terminate an IP packet flow and
   recreate another one, but they fall under the definition of
   "middlebox" given in Section 1.1 because the actual applications
   sessions traverse them.

However, that's not really a description of the behavior of CDNs -
HTTP sessions really do terminate on cache nodes.

That said, I'm not sure how this helps sort out the question of what
(if anything) needs to be done to satisfy monitoring requirements in
some deployments.



TLS mailing list