W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2013

Re: HTTP/2.0 Magic

From: Roberto Peon <grmocg@gmail.com>
Date: Thu, 31 Jan 2013 18:35:24 -0800
Message-ID: <CAP+FsNeXrxc6SfW-gL+_jLNK_o6AxW0H4o6faf0zQMXOtyNrsg@mail.gmail.com>
To: Martin Thomson <martin.thomson@gmail.com>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
How about: d3 d0 c4 d9? (as an hommage).

Honestly, though, anything which spells out something easy to remember in
7-bit ascii when the high-bits are all xor'd would be nice :)


On Thu, Jan 31, 2013 at 5:24 PM, Martin Thomson <martin.thomson@gmail.com>wrote:

> The conclusion that we reached in the interim was that no matter how
> HTTP/2.0 was started, there would be some magic that started the
> session.
> The requirements for that magic is that it is designed to cause a
> reasonable proportion of HTTP/1.1 implementations to fail, preferably
> to close the connection.
> This magic also provides a high degree of confidence that the protocol
> you are talking is actually HTTP/2.0 and not something else.
> As far as I am aware, the actual sequence does not matter much, though
> having the first bit set ensures that this isn't valid HTTP/1.1.
> I generated a random number.  In this case, a 32-bit value.  Happily,
> the high bit is set:
>   e1c54784
> As we discussed, this would be sent at the start of every session and
> be followed immediately by a SETTINGS frame.  Both client and server
> send this sequence.
> The concern here is that some implementations will swallow this and
> proceed anyway.  Those implementations wont fail as a result of seeing
> this.  It may be the case that for those implementations no amount of
> magic is sufficient as the tests that lead to websockets masking
> revealed.
Received on Friday, 1 February 2013 02:35:52 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:09 UTC