- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Fri, 6 Dec 2013 08:59:50 -0800
- To: Yoav Nir <synp71@live.com>
- Cc: Nicolas Mailhot <nicolas.mailhot@laposte.net>, Amos Jeffries <squid3@treenet.co.nz>, HTTP Working Group <ietf-http-wg@w3.org>
On 6 December 2013 01:14, Yoav Nir <synp71@live.com> wrote: > On 6/12/13 10:57 AM, Nicolas Mailhot wrote: >> Security people will ask to drop anything unknown since if it's unknown it >> can't be evaluated for malfeasance potential. And justifiably so. If X is known, and Y isn't, there's always the risk that Y alters the interpretation of X in ways that ultimately affect security. That's physics. > A firewall proxy would definitely do that. So unless we want to kill > extensibility, we have two options: > - New extension frames require an advertised new version that firewalls can > downgrade if they don't support, or Probably not. At that point, you have a whole new protocol anyhow. > - That client and server can live with those frames getting dropped. This is where I think that we were heading. In the example above, this means that any unknown Y cannot alter the semantics such that its absence would be problematic. This allows the paranoid a license to drop unknown stuff; but it also limits the scope of the damage if extensions are passed.
Received on Friday, 6 December 2013 17:00:21 UTC