From 2816f82980850eaa9a5550e7efbda6394fbb38f4 Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Tue, 9 May 2017 14:32:50 -0400
Subject: [PATCH] document explicit proxies as out-of-scope (Closes #4)

---
 draft-dkg-dprive-demux-dns-http.md | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/draft-dkg-dprive-demux-dns-http.md b/draft-dkg-dprive-demux-dns-http.md
index 4081efa..aa7e709 100644
--- a/draft-dkg-dprive-demux-dns-http.md
+++ b/draft-dkg-dprive-demux-dns-http.md
@@ -165,6 +165,17 @@ other approaches is not advisable.  Doing so safely would require
 explicit and detailed review of all three (or more) protocols
 involved.
 
+Heavily-restricted network environments
+---------------------------------------
+
+Some network environments are so tightly constrained that outbound
+connections on standard TCP ports are not accessible.  In some of
+these environments, an explicit HTTP proxy is available, and clients
+must use the HTTP CONNECT pseudo-method to make https connections.
+While this multiplexing approach can be used in such a restrictive
+environment, it would be necessary to teach the DNS client how to talk
+to the HTTP proxy.  These details are out of scope for this document.
+
 Why not ALPN?
 -------------
 
-- 
GitLab