- From: Mike Belshe <mike@belshe.com>
- Date: Sat, 25 Jan 2014 05:01:23 -0800
- To: Martin Thomson <martin.thomson@gmail.com>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>
- Message-ID: <CABaLYCuGW45LBrGL-jxRDj3Kvs07LLM-DcSAPEdR-cjPVTt3KA@mail.gmail.com>
As the bug points out, TLS renegotiation has trouble in HTTP/1.x. Its just not well thought through and is inherently racey, regardless of the protocol which is running atop it. Unfortunately, I don't think there is any good answer. If the client starts chattering and doesn't give the server a chance to reneg, its just going to break. I suppose you could try to force some client-side flow control blocker so that it can issue a renegotiate, but when the renegotiate is done, you'll probably have to drop all the in-flight streams. On the good news side, almost nobody uses client auth or renegotiation. This is in part due to the fact that it just doesn't work well with any protocol, HTTP/1 or otherwise. Mike On Fri, Jan 24, 2014 at 11:28 PM, Martin Thomson <martin.thomson@gmail.com>wrote: > Brian raises a fairly important set of points around negotiation: > > https://github.com/http2/http2-spec/issues/363 > > I think that I can distill this down to two major concerns: > > 1. renegotiation causes problems with mapping server authentication to > requests; false start means that this is true even with renegotiation > immediately after connecting > > 2. client certificates are tricky because they often rely on > renegotiation and they can interact with any coalescing feature we > define > > Discuss. > >
Received on Saturday, 25 January 2014 13:01:51 UTC