W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2014

Re: Call for Adoption: draft-hutton-httpbis-connect-protocol-00

From: Martin Thomson <martin.thomson@gmail.com>
Date: Tue, 29 Jul 2014 09:29:47 -0700
Message-ID: <CABkgnnXi9HcxGKmsrTmWVfEsxB7vjw6v3U+pB=w8QUKYUc6mQA@mail.gmail.com>
To: Mark Nottingham <mnot@mnot.net>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
On 28 July 2014 23:38, Mark Nottingham <mnot@mnot.net> wrote:
> Another concern briefly mentioned was that such an extension might inhibit protocol evolution; e.g., if a firewall whitelists what tunnelled protocols it accepts, it might be that we're stuck advertising "h2" in the future. However, there didn't seem to be strong concern here, since ALPN negotiation is a separate step, and HTTP can choose to omit this header when using CONNECT for its own purposes.

I'll note that the header field only brings the information forward.
A proxy that permits an unlabelled CONNECT can (maybe) examine the TLS
ClientHello to see what protocols are being offered.  That is, if TLS
is involved at all; though other protocols could have similarly
distinctive fingerprints.

Omitting the header field will, at least in the short term, avoid any
whitelisting issues.  However, if we start using this for "h2", then
we could end up with omission being risky.  My crystal ball tells me
that this is unlikely on any relevant timescale :)
Received on Tuesday, 29 July 2014 16:30:16 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 30 March 2016 09:57:09 UTC