W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2016

Re: draft-ietf-httpbis-encryption-encoding

From: Martin Thomson <martin.thomson@gmail.com>
Date: Fri, 23 Dec 2016 16:58:52 +1100
Message-ID: <CABkgnnVmHMPgBG6=GbN7iPWJQNJ46Nn6Cp39uZRB9zABSmS-2g@mail.gmail.com>
To: Kari Hurtta <hurtta-ietf@elmme-mailer.org>
Cc: HTTP working group mailing list <ietf-http-wg@w3.org>
Thanks for the prompt review.  Inline.

On 22 December 2016 at 17:01, Kari Hurtta <hurtta-ietf@elmme-mailer.org> wrote:
> https://tools.ietf.org/html/draft-ietf-httpbis-http2-encryption-09#section-2
>
> |                   Connections that use client certificates for other
> |   reasons MAY be reused, though client certificates MUST NOT affect the
> |   responses to requests for "http" resources.
[...]
> What are connections  that use client certificates for other reasons
> because they can not be connections which are used for "https" requests ?

That's an editorial snafu.  I've fixed it.  It now reads (in full):

   Client certificates are not meaningful for URLs with the "http"
   scheme, and therefore clients creating new TLS connections to
   alternative services for the purposes of this specification MUST NOT
   present them.  A server that also provides "https" resources on the
   same port can request a certificate during the TLS handshake, but it
   MUST NOT abort the handshake if the client does not provide one.

> I'm not sure that this
>
>     "they have obtained a valid http-opportunistic response for an origin (as
>     per Section 2.3)."
>
> is saying.

Section 2.3 defines a valid http-opportunistic response:

   [...] A client is said to have a valid http-opportunistic
   response for a given origin when:

> This text or example after that seems not say from read /.well-known/http-opportunistic
> need to be read. From original connection or from putative alternative service.
> Or is it irrelevant?

Yes, that's an oversight.  The only requirement is that the request is
made to the authenticated alternative.

And the contradiction is a problem.  I've pushed a commit that should fix this:

https://github.com/httpwg/http-extensions/commit/467d6b2773304e47cad09f6a8af62a7448fe3312
Received on Friday, 23 December 2016 05:59:20 UTC

This archive was generated by hypermail 2.3.1 : Friday, 23 December 2016 05:59:28 UTC