
SETTINGS_MIXED_SCHEME_PERMITTED | Re: I-D Action: draft-ietf-httpbis-http2-encryption-07.txt

From: Kari Hurtta <hurtta-ietf@elmme-mailer.org>
Date: Wed, 5 Oct 2016 07:51:50 +0300 (EEST)
Message-Id: <201610050451.u954pomK003643@shell.siilo.fmi.fi>
To: Mike Bishop <Michael.Bishop@microsoft.com>
CC: Kari hurtta <hurtta-ietf@elmme-mailer.org>, HTTP working group mailing list <ietf-http-wg@w3.org>
Mike Bishop <Michael.Bishop@microsoft.com>: (Tue Oct  4 20:38:45 2016)

> Taking a step back, what is the list of ports actually buying us now?  The port can be obtained by the client from the Alt-Svc header.  The fact that the port is legitimate and not hijacked is verified by finding that it has a certificate.  What we're actually confirming is that the origin supports mixed schemes.  The lifetime is already present in the Alt-Svc advertisement, and I haven't heard a compelling reason to have a separate lifetime.  Should we just define SETTINGS_MIXED_SCHEME_PERMITTED and call it a day?

Hmm.

SETTINGS_MIXED_SCHEME_PERMITTED is per connection. I assume that the HTTP/2
server sends it in a SETTINGS frame to the HTTP/2 client (similar to what
I contemplated for SETTINGS_WEBSOCKET_CAPABLE at
https://lists.w3.org/Archives/Public/ietf-http-wg/2016OctDec/0033.html )

The http-opportunistic response tells here that the given port for that
origin handles the http scheme when sent via TLS.

A connection probably applies to several origins. The TLS connection
may be terminated by a reverse proxy, and different origins
are served by different processes or servers behind the
reverse proxy.

I guess that SETTINGS_MIXED_SCHEME_PERMITTED is too wide.

"tls-ports" should perhaps now be "mixed-scheme-listeners",
giving [ "alternative-server:port" ].

/ Kari Hurtta
Received on Wednesday, 5 October 2016 04:52:29 UTC
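An added illustration of the scope problem raised in this message, not code from the thread or from the draft: a minimal HTTP/2 SETTINGS frame decoder, followed by the two policy rules under discussion. The connection-wide flag answers "yes" for every origin coalesced onto the connection, whereas a per-origin check against each origin's http-opportunistic resource does not. The setting identifier 0xF000 is a placeholder (the thread assigns none), the member name "mixed-scheme-listeners" is the suggestion from this email, and all hosts and responses are constructed sample data.

```python
import struct

# Placeholder code point: the thread proposes the setting but assigns no identifier.
SETTINGS_MIXED_SCHEME_PERMITTED = 0xF000


def parse_settings_frame(frame: bytes) -> dict:
    """Decode one HTTP/2 SETTINGS frame (RFC 7540 section 6.5): a 9-octet frame
    header followed by 6-octet (identifier, value) pairs. Returns {identifier: value}."""
    if len(frame) < 9:
        raise ValueError("truncated frame header")
    length = int.from_bytes(frame[0:3], "big")
    ftype = frame[3]
    stream_id = int.from_bytes(frame[5:9], "big") & 0x7FFFFFFF
    # SETTINGS is type 0x4, always on stream 0, payload a multiple of 6 octets.
    if ftype != 0x4 or stream_id != 0 or length % 6 != 0 or len(frame) != 9 + length:
        raise ValueError("malformed SETTINGS frame")
    return {ident: value for ident, value in struct.iter_unpack("!HI", frame[9:])}


def build_settings_frame(settings: dict) -> bytes:
    """Encode a SETTINGS frame with no flags on stream 0 (used to build the sample)."""
    payload = b"".join(struct.pack("!HI", i, v) for i, v in settings.items())
    return len(payload).to_bytes(3, "big") + bytes([0x4, 0x0]) + (0).to_bytes(4, "big") + payload


def permitted_by_connection_setting(settings: dict, origin: str, coalesced: set) -> bool:
    """Connection-wide rule: one flag from the TLS endpoint (e.g. a reverse proxy)
    answers for every origin coalesced onto that connection."""
    return origin in coalesced and settings.get(SETTINGS_MIXED_SCHEME_PERMITTED) == 1


def permitted_by_origin_resource(opportunistic: dict, origin: str, alt_host: str, alt_port: int) -> bool:
    """Per-origin rule: the origin's own http-opportunistic resource must list the
    alternative listener. "mixed-scheme-listeners" is the name suggested in the email."""
    listeners = opportunistic.get(origin, {}).get("mixed-scheme-listeners", [])
    return f"{alt_host}:{alt_port}" in listeners


# Constructed sample: one TLS connection to a reverse proxy serving two origins,
# where only www.example.com has opted into the http scheme over TLS.
COALESCED_ORIGINS = {"www.example.com", "api.example.com"}
SAMPLE_FRAME = build_settings_frame({SETTINGS_MIXED_SCHEME_PERMITTED: 1})
SAMPLE_OPPORTUNISTIC = {
    "www.example.com": {"mixed-scheme-listeners": ["alt.example.com:443"]},
    "api.example.com": {},
}
```

Running the two rules over the sample shows the per-connection flag granting api.example.com what only www.example.com advertised.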
