Re: SETTINGS_MIXED_SCHEME_PERMITTED | Re: I-D Action: draft-ietf-httpbis-http2-encryption-07.txt from Patrick McManus on 2016-10-07 (ietf-http-wg@w3.org from October to December 2016)

From: Patrick McManus <mcmanus@ducksong.com>
Date: Fri, 7 Oct 2016 09:45:46 +0200
To: Mike Bishop <Michael.Bishop@microsoft.com>
Cc: Martin Thomson <martin.thomson@gmail.com>, Kari Hurtta <hurtta-ietf@elmme-mailer.org>, Patrick McManus <mcmanus@ducksong.com>, HTTP working group mailing list <ietf-http-wg@w3.org>
Message-ID: <CAOdDvNrr5Y2X14vVZjrs8uJw1pE74qP83=cniA24UpUdc855hA@mail.gmail.com>

On Thu, Oct 6, 2016 at 8:12 PM, Mike Bishop <Michael.Bishop@microsoft.com>
wrote:

> If we want to *validate* that the server is handling scheme properly, then
> we need to have different content at http:// and https:// and check that
> we get the right one over the right scheme.

I don't think that proof is necessary for something like .wk where the
resource has such an explicit meaning. The meaning of the .wk is that http
over tls is OK, it doesn't mean the server MUST treat the resources
differently (just an assurance that not doing so isn't a semantic problem
for their content).

Like Mike, I've tried to make the argument that this step isn't really
required but I've grown weary of the pushback and the cost of doing so has
proven reasonable to me (I've implemented the json thing) so at this point
I would rather go ahead with some kind of check.

I think either the 200 or the json are acceptable here - let's decide.

Received on Friday, 7 October 2016 07:46:18 UTC