W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2014

Alt-Svc header + ALTSVC frame

From: Mark Nottingham <mnot@mnot.net>
Date: Tue, 29 Apr 2014 14:13:21 +1000
Message-Id: <CE918BB1-94DE-446F-970E-9576B1F03667@mnot.net>
To: HTTP Working Group <ietf-http-wg@w3.org>
The Alt-Svc header field doesn’t allow advertisement of an alternative on another host, to avoid security issues (mostly around someone injecting a header that transparently redirects a site to an attacker).

The ALTSVC frame does allow changing hosts, as long as certain criteria have been met (as per the draft).

If a site wants to upgrade from HTTP/1 to HTTP/2 *and* shift traffic to another server, it seems to be it could do so by:

1) Serving the HTTP/1 response with an Alt-Svc HTTP header to another port on the same host, speaking HTTP/2
2) On the HTTP/2 port, upon connection immediately send an ALTSVC frame followed by a GOAWAY frame

That would have the effect of informing the client about the alternative on the other host, which would be used once the connection to it was viable.

Any reason this wouldn’t work / be a good idea? Mostly, I’m interested in confirming that everyone has a similar understanding of how Alt-Svc/ALTSVC works…


Mark Nottingham   http://www.mnot.net/
Received on Tuesday, 29 April 2014 04:13:48 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:30 UTC