- From: Amos Jeffries <squid3@treenet.co.nz>
- Date: Fri, 06 Jun 2014 23:14:55 +1200
- To: ietf-http-wg@w3.org
On 6/06/2014 10:28 a.m., David Krauss wrote: > > Four kilobytes should be plenty for a proxy to route a stream and > relieve the buffering pressure by streaming as HPACK was designed to > do, but someone mentioned proxies peeking at cookies too. It seems > that we need a closer look at what kind of implementation handles > which specific use case. These issues aren’t specific to extra-simple > servers. FWIW the only use-cases I've seen for proxies to peek at Cookie was for interception proxies to authenticate despite the client-side security measures, or for load balancers to ensure end-to-end pinning of user sessions (forcing statefulness on the stateless transfer protocol). The WG has decided to ignore interception middleware entirely. The Load-balancer use-case is apparently resolved by "just use HTTP/1.1". Maybe someone has another use case for accessing Cookie but I think the Load-Balancer case served fine by an HTTP/2 extension between the LB and the backend servers - provided we are allowed extension frames (or maybe despite HTTP/2 spec). Amos
Received on Friday, 6 June 2014 11:15:34 UTC