From 919221b48d2488ee4f060f961e01cf10dc7c3b22 Mon Sep 17 00:00:00 2001
From: Tommy Pauly <tpauly@apple.com>
Date: Wed, 19 Apr 2023 07:26:40 -0700
Subject: [PATCH 1/2] Require encryption

Closes #163
---
 draft-ietf-masque-connect-ip.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/draft-ietf-masque-connect-ip.md b/draft-ietf-masque-connect-ip.md
index 2e94d58..423eb0c 100644
--- a/draft-ietf-masque-connect-ip.md
+++ b/draft-ietf-masque-connect-ip.md
@@ -210,6 +210,9 @@ HTTP-DGRAM}}), IP proxying requests do not carry any message content.
 Similarly, successful IP proxying responses also do not carry any message
 content.
 
+IP proxying over HTTP MUST use TLS or QUIC encryption, or another equivalent
+encryption protocol, to provide confidentiality, integrity, and authentication.
+
 ## IP Proxy Handling
 
 Upon receiving an IP proxying request:

From 61825c57642bda1f510252753618f35b8f6e08df Mon Sep 17 00:00:00 2001
From: Tommy Pauly <tpauly@apple.com>
Date: Wed, 19 Apr 2023 09:29:06 -0700
Subject: [PATCH 2/2] Update draft-ietf-masque-connect-ip.md

Co-authored-by: David Schinazi <DavidSchinazi@users.noreply.github.com>
---
 draft-ietf-masque-connect-ip.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/draft-ietf-masque-connect-ip.md b/draft-ietf-masque-connect-ip.md
index 423eb0c..1289ba3 100644
--- a/draft-ietf-masque-connect-ip.md
+++ b/draft-ietf-masque-connect-ip.md
@@ -210,7 +210,7 @@ HTTP-DGRAM}}), IP proxying requests do not carry any message content.
 Similarly, successful IP proxying responses also do not carry any message
 content.
 
-IP proxying over HTTP MUST use TLS or QUIC encryption, or another equivalent
+IP proxying over HTTP MUST be operated over TLS or QUIC encryption, or another equivalent
 encryption protocol, to provide confidentiality, integrity, and authentication.
 
 ## IP Proxy Handling