W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2012

Re: options or protocols?

From: Willy Tarreau <w@1wt.eu>
Date: Thu, 5 Apr 2012 13:29:46 +0200
To: "Adrien W. de Croy" <adrien@qbik.com>
Cc: Eliot Lear <lear@cisco.com>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
Message-ID: <20120405112946.GI24982@1wt.eu>
On Thu, Apr 05, 2012 at 10:59:58AM +0000, Adrien W. de Croy wrote:
> Existing compliant 1.1 proxies will remove the Upgrade header, since it 
> references a protocol that it won't know yet.

Which is intended here.

> Unless it already adopts a strategy of getting out of the way (moving 
> to tunnel).
>  
> Do we have any idea about how many will pass it through and therefore 
> allow 2.0 to function?

I guess that few proxies will let it pass through, resulting in a
satisfying filtering ability for enterprise or school admins. All the
(explicit) proxies I have tested so far successfully remove the headers
referenced in the Connection field. On the server-side, infrastructure
components are more likely to support this (at least those which already
do with websocket).

> Otherwise these things will keep their users in 1.1 land until they are 
> upgraded

That's what I'd really like to see happen : a smooth and transparent
opening of 2.0. Probably that for HTTPS, NPN might result in a faster
adoption since there are less controls, so that will not change anything
for admins : either they already block and will continue to do so, or
they already don't care and wont either.

> >>I also suspect there is a plethora of cheap DSL/NAT routers which do
> >>port 80 inspection which may break.  Whether they break in a way that
> >>prevents operation or not is another matter.
> >>
> >
> >
> >Don't forget that WebSocket readily uses this mechanism and that such
> >bugs are already being reported to vendors. By the time we ship HTTP/2.0
> >a number of these implementation bugs will have been fixed, and not
> >everyone will have deployed V2 anyway.
> >
>  
> OK.  Would be interesting to see stats on rates of failure and why - if 
> you have any.

The only failure I'm aware of at the moment is TrendMicro's OfficeScan
software blocking traffic to port 80.

Regards,
Willy
Received on Thursday, 5 April 2012 11:30:19 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:59 GMT