W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2014

Re: Alternative Service Indication

From: Martin Thomson <martin.thomson@gmail.com>
Date: Fri, 2 May 2014 13:15:12 -0700
Message-ID: <CABkgnnWzN4nRo4hAmt5WtwDJBwBzuZ=utuV0GtF6q3nBjFONTw@mail.gmail.com>
To: William Chan (陈智昌) <willchan@chromium.org>
Cc: Erik Nygren <erik@nygren.org>, HTTP Working Group <ietf-http-wg@w3.org>
On 2 May 2014 12:59, William Chan (陈智昌) <willchan@chromium.org> wrote:
> The difference here is that we're leaking more information (theoretically to the
> same server, so it's not really an information leak).

It is a problem only because clients can have altsvc information
persisted for a very long time.  This produces a way of correlating
requests from clients between connections.  (Even if we decide to drop
this indicator, those tracking concerns are worth retaining; there's
still the implicit leak.)

> I would contrast this with HTTP redirect loops which never terminate and we
> show an error for after too many redirects. But with ALTSVC, if you race the
> different connections anyway, then everything will always work. It'll just
> be suboptimal since you're setting up and tearing down connections all the
> time.

Yes, that's exactly the analogy I was using.  The only difference is
perhaps that the damage can be hidden.  Everything continues to work,
but you spend more time on new connections than might be ideal.
Received on Friday, 2 May 2014 20:15:39 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:30 UTC