Re: Our ALPN protocol IDs from Yoav Nir on 2013-12-06 (ietf-http-wg@w3.org from October to December 2013)

From: Yoav Nir <synp71@live.com>
Date: Fri, 6 Dec 2013 11:14:48 +0200
To: Nicolas Mailhot <nicolas.mailhot@laposte.net>, Amos Jeffries <squid3@treenet.co.nz>
CC: ietf-http-wg@w3.org
Message-ID: <BLU0-SMTP108111B6D2709ADE99F2F0FB1D60@phx.gbl>

On 6/12/13 10:57 AM, Nicolas Mailhot wrote:
> Le Ven 6 décembre 2013 07:05, Amos Jeffries a écrit :
>
>> No train wreck or problems there. *provided* we get a clear consensus
>> and definition of what 2.0 proxies etc is to do with those
>> unknown/future frame types.
> Security people will ask to drop anything unknown since if it's unknown it
> can't be evaluated for malfeasance potential.
>
A firewall proxy would definitely do that. So unless we want to kill 
extensibility, we have two options:
  - New extension frames require an advertised new version that 
firewalls can downgrade if they don't support, or
  - That client and server can live with those frames getting dropped.

Other proxies, like caches that don't evaluate malfeasance can just 
forward unknown frames.

Yoav

Attachments

application/pkcs7-signature attachment: S/MIME Cryptographic Signature

Received on Friday, 6 December 2013 09:15:20 UTC