W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2013

HTTP/2.0 Magic

From: Martin Thomson <martin.thomson@gmail.com>
Date: Fri, 1 Feb 2013 10:24:30 +0900
Message-ID: <CABkgnnV1AqvPk3513rReH-rktYuxf9zDTHpQT9agfZgKrqF_aw@mail.gmail.com>
To: HTTP Working Group <ietf-http-wg@w3.org>
The conclusion that we reached in the interim was that no matter how
HTTP/2.0 was started, there would be some magic that started the
session.

The requirements for that magic is that it is designed to cause a
reasonable proportion of HTTP/1.1 implementations to fail, preferably
to close the connection.

This magic also provides a high degree of confidence that the protocol
you are talking is actually HTTP/2.0 and not something else.

As far as I am aware, the actual sequence does not matter much, though
having the first bit set ensures that this isn't valid HTTP/1.1.

I generated a random number.  In this case, a 32-bit value.  Happily,
the high bit is set:

  e1c54784

As we discussed, this would be sent at the start of every session and
be followed immediately by a SETTINGS frame.  Both client and server
send this sequence.

The concern here is that some implementations will swallow this and
proceed anyway.  Those implementations wont fail as a result of seeing
this.  It may be the case that for those implementations no amount of
magic is sufficient as the tests that lead to websockets masking
revealed.
Received on Friday, 1 February 2013 01:24:57 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 1 February 2013 01:25:02 GMT