- From: Benjamin Kaduk <bkaduk@akamai.com>
- Date: Fri, 8 Dec 2017 08:03:25 -0600
- To: Martin Thomson <martin.thomson@gmail.com>, David Benjamin <davidben@chromium.org>
- Cc: Victor Vasiliev <vasilvv@google.com>, Willy Tarreau <w@1wt.eu>, Patrick McManus <mcmanus@ducksong.com>, HTTP Working Group <ietf-http-wg@w3.org>, mnot <mnot@mnot.net>
On 12/07/2017 06:56 PM, Martin Thomson wrote: > On Fri, Dec 8, 2017 at 11:28 AM, David Benjamin <davidben@chromium.org> wrote: >> Thus, If you are okay performing that action without replay protection, then >> you're cool with any arrangement. If you are not okay performing that action >> without replay protection, then *none* of your servers should do so. This >> can be achieved, on a per-server basis in several ways: >> >> 1. Don't turn on 0-RTT. >> 2. If (1) is too much because you want 0-RTT in other cases, delay >> processing. >> 3. If (2) is too much because you don't like buffering, send a 425. > That's a good point and one we don't capture properly. The point > about consistency needs to be on classification, not reaction. Yes, the consistency is of classification. We have at least at times had some text mentioning that it's always okay to return 425 due to local conditions even if the response could safely be handled as an early request, but I don't remember if that got lost in a reshuffling. -Ben > I've opened a PR that tries to capture this, though I omit any > dependency between steps. > > https://github.com/httpwg/http-extensions/pull/446 >
Received on Friday, 8 December 2017 14:04:45 UTC