W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2014

Re: :scheme, was: consensus on :query ?

From: Amos Jeffries <squid3@treenet.co.nz>
Date: Thu, 24 Jul 2014 19:58:06 +1200
Message-ID: <53D0BC8E.20807@treenet.co.nz>
To: ietf-http-wg@w3.org
On 24/07/2014 5:19 p.m., Zhong Yu wrote:
> If a request self-claims that it is HTTPS, I think the server should
> just take its word for it. If a client lies about the scheme, the
> client does it at its own peril, and it should have the freedom to do
> so. If an intermediary (possibly a man-in-the-middle) lies about the
> scheme, there's not much the server can do about it.
> 
> The problem in HTTP/1 is that the server has no reliable way to know
> whether the request was originated as HTTPS at the client end,
> (assuming client/intermediaries are all honest), because the request
> could have gone through multiple intermediaries that alternate
> TLS/PLAIN connections.

scheme is not about front-end. It is about what *backend* protocol the
proxy / second-to-last hop should use to contact the origin server.

Amos
Received on Thursday, 24 July 2014 07:58:49 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 30 March 2016 09:57:09 UTC