
Re: 2.2. Interaction with "https" URIs | Re: Op-sec simplification

From: Martin Thomson <martin.thomson@gmail.com>
Date: Fri, 4 Nov 2016 11:16:35 +1100
Message-ID: <CABkgnnUanWhMncsp2XDZgwXjCn7K7+39mvmXWZKFjMDHw6UwOA@mail.gmail.com>
To: Erik Nygren <erik@nygren.org>
Cc: Kari Hurtta <hurtta-ietf@elmme-mailer.org>, HTTP working group mailing list <ietf-http-wg@w3.org>

On 3 November 2016 at 07:02, Erik Nygren <erik@nygren.org> wrote:
> An example of why this could be bad would be a CDN server that terminates
> both HTTP and HTTPS over TLS but demuxes them such that HTTPS requires TLS
> to content origin but HTTP is allowed to go cleartext to content origin.
> When a single TLS connection demuxes to a mixture of TLS and cleartext
> traffic, this feels like asking for increased trouble and attack surfaces.
> Prohibiting mixed-scheme on the incoming connection makes this feel much
> safer.

I am almost inclined to say that you don't get to use the feature if
you are concerned about this causing issues of that sort.  Or, as some
of us have discussed, a new h2 setting that prohibits coalescing might
be a simpler option.

Kari's solution works, though it opens other possibilities, and I'm
concerned we're off down the rabbit hole again:

{ "http://...": "mixed-scheme", --> open season
  "http://...": "single-scheme", --> only one scheme per connection
  "http://...": "dedicated-connection" } --> only one origin per connection
Received on Friday, 4 November 2016 00:17:10 UTC
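
Added example, not part of the original message or of any draft: a client-side connection-reuse check for the three values sketched above, read literally from their one-line annotations. The `Connection` class, the `None` "no policy stated" value and the sample URLs in any caller are assumptions made for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}
# The three values from the message; None (an assumption) means "no policy stated".
POLICIES = {"mixed-scheme", "single-scheme", "dedicated-connection", None}

def origin(url):
    """Return the (scheme, host, port) origin of an http(s) URL."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError(f"not an http(s) URL: {url!r}")
    return (scheme, parts.hostname.lower(), parts.port or DEFAULT_PORTS[scheme])

class Connection:
    """Hypothetical client-side record of the origins sharing one TLS connection."""

    def __init__(self):
        self.policies = {}  # origin tuple -> policy that origin advertised

    def may_carry(self, url, policy):
        """True if adding url keeps every origin's policy satisfied."""
        if policy not in POLICIES:
            raise ValueError(f"unknown policy: {policy!r}")
        # Evaluate the connection as it would look after the request is added,
        # so policies of origins already present bind the newcomer too.
        after = {**self.policies, origin(url): policy}
        schemes = {o[0] for o in after}
        for p in after.values():
            if p == "dedicated-connection" and len(after) > 1:
                return False  # only one origin per connection
            if p == "single-scheme" and len(schemes) > 1:
                return False  # only one scheme per connection
        return True  # "mixed-scheme" or no policy: no restriction

    def add(self, url, policy=None):
        """Record the origin on this connection if allowed; report the decision."""
        if not self.may_carry(url, policy):
            return False
        self.policies[origin(url)] = policy
        return True
```

The check runs over the connection as it would look after the addition, so an origin already present with a stricter value blocks a later newcomer even when the newcomer's own value is permissive.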
