Re: Call for Adoption: draft-nottingham-httpbis-origin-frame

> On 16.03.2016 at 10:08, Mark Nottingham <mnot@mnot.net> wrote:
> 
> Hi Stefan,
> 
>> On 16 Mar 2016, at 8:04 PM, Stefan Eissing <stefan.eissing@greenbytes.de> wrote:
>> 
>> Interested to support this in Apache httpd.
>> 
>> The handling of 421 responses is not the same for all clients. This has caused some problems in deployment where not all sites listed in a cert enjoy the same TLS configuration. With renegotiation not possible, a server can only 421 such a request.
> 
> Can you expand upon this a bit? What differences are you seeing?

I got several users who reported that Chrome did not open a new connection under certain circumstances and failed the request. Since they needed the setup as it was, they could only disable h2 for the time being. That was in 2.4.17 when httpd would answer almost all differences between SNI and :authority with a 421. Which was, admittedly, a bit harsh. And the fine folks from Chrome probably have improved that part already. I did not have the time to check in detail.

With 2.4.18, 421 is only used when TLS configurations are not compatible, e.g. not using the same ciphers/protocol version etc. So, people do configure around it, when needed and possible.

But when clients encounter a 421, not all have exposed the same handling, nor probably ever will. Was the 421 request a POST? How much body had already been sent? etc.

That is where I hope an ORIGIN frame could make things more predictable.

-Stefan

>> 
>> My hope for an ORIGIN frame is that the server can indicate which hosts *really* are mixable on the connection and clients can refrain from second guessing from alternate names only.
>> 
>> -Stefan
>> 
>>> On 16.03.2016 at 01:16, Patrick McManus <mcmanus@ducksong.com> wrote:
>>> 
>>> as noted, I'm in favor and interested in where this can go.
>>> 
>>> On Tue, Mar 15, 2016 at 7:58 PM, Mark Nottingham <mnot@mnot.net> wrote:
>>> <https://tools.ietf.org/html/draft-nottingham-httpbis-origin-frame-01>
>>> 
>>> As we've seen, there's some implementer interest in this, and in previous discussions, there seems to have been support for it. Our AD is aware of it and supportive of its adoption.
>>> 
>>> If you'd like to express support for it or reservations about adopting it, please do so; we'll make a decision shortly.
>>> 
>>> Since I'm an author on the document, Mike Bishop has graciously agreed to act as Document Shepherd and judge consensus for it.
>>> 
>>> Regards,
>>> 
>>> 
>>> 
>>> 
>>> --
>>> Mark Nottingham   https://www.mnot.net/
>>> 
>>> 
>>> 
>> 
> 
> --
> Mark Nottingham   https://www.mnot.net/

Received on Wednesday, 16 March 2016 09:20:23 UTC
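
Added example, not part of the thread and not httpd's code: a simplified Python model of the situation described above, where several names share one certificate but not one TLS configuration, so a client that coalesces on certificate names alone gets a 421, while a server-advertised origin set avoids the misdirected request. The host names, the policy model and all function names are hypothetical; "compatible" is assumed here to mean an identical protocol and cipher policy.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class TLSPolicy:
    protocols: frozenset
    ciphers: frozenset

STANDARD = TLSPolicy(frozenset({"TLSv1", "TLSv1.2"}),
                     frozenset({"ECDHE-RSA-AES128-GCM-SHA256", "AES128-SHA"}))
STRICT = TLSPolicy(frozenset({"TLSv1.2"}),
                   frozenset({"ECDHE-RSA-AES128-GCM-SHA256"}))

# Constructed sample: three names on one certificate, one with a stricter policy.
VHOSTS = {
    "www.example.test": STANDARD,
    "static.example.test": STANDARD,
    "pay.example.test": STRICT,
}
CERT_SANS = set(VHOSTS)

def status_for(sni, authority):
    """Server side: 200 if `authority` may be served on the connection that was
    opened with `sni` (assumed to be a configured host), otherwise 421."""
    if authority == sni:
        return 200
    if authority not in VHOSTS or VHOSTS[authority] != VHOSTS[sni]:
        return 421  # cannot renegotiate, so the request is misdirected
    return 200

def mixable_origins(sni):
    """Origins the server could advertise as safe to mix on this connection."""
    return {f"https://{h}" for h, p in VHOSTS.items() if p == VHOSTS[sni]}

def client_reuses(authority, origin_set=None):
    """Client side: reuse the connection if the certificate covers the name and,
    when an origin set was advertised, the origin is listed in it."""
    if authority not in CERT_SANS:
        return False
    return origin_set is None or f"https://{authority}" in origin_set

def misdirected(sni, origin_set=None):
    """Hosts the client would send on this connection only to receive a 421."""
    return sorted(h for h in VHOSTS
                  if client_reuses(h, origin_set) and status_for(sni, h) == 421)

if __name__ == "__main__":
    sni = "www.example.test"
    print("certificate names only:", misdirected(sni))
    print("with advertised origins:", misdirected(sni, mixable_origins(sni)))
```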