Re: Our ALPN protocol IDs

From: Martin Thomson <martin.thomson@gmail.com>
Date: Fri, 6 Dec 2013 08:59:50 -0800
Message-ID: <CABkgnnUTUyLtNsWWbFJRGBuBS5RT9MRN+jXU25MSETfO0NA+Ng@mail.gmail.com>
To: Yoav Nir <synp71@live.com>
Cc: Nicolas Mailhot <nicolas.mailhot@laposte.net>, Amos Jeffries <squid3@treenet.co.nz>, HTTP Working Group <ietf-http-wg@w3.org>

On 6 December 2013 01:14, Yoav Nir <synp71@live.com> wrote:
> On 6/12/13 10:57 AM, Nicolas Mailhot wrote:
>> Security people will ask to drop anything unknown since if it's unknown it
>> can't be evaluated for malfeasance potential.

And justifiably so.  If X is known, and Y isn't, there's always the
risk that Y alters the interpretation of X in ways that ultimately
affect security.  That's physics.

> A firewall proxy would definitely do that. So unless we want to kill
> extensibility, we have two options:
>  - New extension frames require an advertised new version that firewalls can
> downgrade if they don't support, or

Probably not.  At that point, you have a whole new protocol anyhow.

>  - That client and server can live with those frames getting dropped.

This is where I think that we were heading.  In the example above,
this means that any unknown Y cannot alter the semantics such that its
absence would be problematic.  This allows the paranoid a license to
drop unknown stuff; but it also limits the scope of the damage if
extensions are passed.

Received on Friday, 6 December 2013 17:00:21 UTC
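The second option discussed in the message above (an intermediary drops frames it does not recognise and the endpoints live with it) is sketched below as an added example that is not part of the original thread. It assumes the 9-byte frame header and the frame type range 0x0 to 0x9 of RFC 7540 as later published, which postdates this message; the function names and the sample frames are constructed for illustration.

```python
import struct

HEADER_LEN = 9                      # 24-bit length, 8-bit type, 8-bit flags, 32-bit stream id
KNOWN_TYPES = set(range(0x0, 0xA))  # assumption: DATA (0x0) .. CONTINUATION (0x9), RFC 7540

def make_frame(ftype, flags, stream_id, payload=b""):
    """Serialise one frame; the top bit of the stream id is reserved and cleared."""
    n = len(payload)
    return struct.pack(">BHBBI", n >> 16, n & 0xFFFF, ftype, flags,
                       stream_id & 0x7FFFFFFF) + payload

def parse_frames(buf):
    """Split a byte string into (type, flags, stream_id, payload) tuples."""
    frames, off = [], 0
    while off < len(buf):
        if len(buf) - off < HEADER_LEN:
            raise ValueError("truncated frame header")
        hi, lo, ftype, flags, sid = struct.unpack_from(">BHBBI", buf, off)
        end = off + HEADER_LEN + ((hi << 16) | lo)
        if end > len(buf):
            raise ValueError("truncated frame payload")
        frames.append((ftype, flags, sid & 0x7FFFFFFF, buf[off + HEADER_LEN:end]))
        off = end
    return frames

def drop_unknown(buf):
    """Forward known frame types unchanged; record and drop everything else.

    Header-block continuity (HEADERS followed by CONTINUATION) is not tracked here.
    """
    kept, dropped = bytearray(), []
    for ftype, flags, sid, payload in parse_frames(buf):
        if ftype in KNOWN_TYPES:
            kept += make_frame(ftype, flags, sid, payload)
        else:
            dropped.append((ftype, sid, len(payload)))
    return bytes(kept), dropped

# Constructed sample: DATA on stream 1, an unknown extension type 0xF0, then PING.
DATA = make_frame(0x0, 0x1, 1, b"hello")
EXT = make_frame(0xF0, 0x0, 1, b"\x01\x02\x03")
PING = make_frame(0x6, 0x0, 0, b"\x00" * 8)

if __name__ == "__main__":
    forwarded, dropped = drop_unknown(DATA + EXT + PING)
    print(parse_frames(forwarded), dropped)
```

The known frames reach the peer byte-for-byte identical, which is only safe under the constraint stated in the message: the dropped frame must not change how the remaining frames are interpreted.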