- From: Erik Nygren <erik@nygren.org>
- Date: Thu, 24 Jul 2014 23:29:58 -0400
- To: Amos Jeffries <squid3@treenet.co.nz>
- Cc: "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
- Message-ID: <CAKC-DJiBDRW_oCG9rkjh8ZyQYaPVG3MCjAAiy=FvZ0BqtKbBaw@mail.gmail.com>
With AltSvc, http-scheme-over-TLS is highly relevant to client-to-origin as well.

What is the behavior of non-proxy origins to getting absolute http:// request URIs over TLS with HTTP/1.1? Good point that this is normal for proxies, but I'd guess that many non-proxy origins would be confused by an absolute http:// request URI over TLS?

With HTTP/2 this is expected to be normal/typical to have browsers/clients send http-scheme-over-TLS to origins after an AltSvc.

Erik

On Jul 24, 2014 8:17 PM, "Amos Jeffries" <squid3@treenet.co.nz> wrote:
>
> http-scheme-over-TLS is only useful when communicating to an explicit
> proxy. So the request URI is required to be in absolute-form where the
> scheme: is explicitly sent as http:// regardless of the TLS connection it
> arrives on.
> ...
>
>
> > On Thu, Jul 24, 2014 at 2:33 PM, Martin Thomson wrote:
> >> On 24 July 2014 11:21, Erik Nygren wrote:
> >>> I'd been under the assumption that http-scheme-over-TLS would only be
> >>> allowed over HTTP/2?
> >>
> >> I'll open that issue. We currently have no explicit restriction that
> >> prevents this. I don't think that we have any reason to say
> >> HTTP/2-only. I also don't think that we need a specific exclusion for
> >> HTTP/1.1, which is the other way we might cut this (so that we could
> >> retain the feature for some theorized HTTP/5, which may or may not be
> >> in active development for some major browser).
> >>
> >> That said, Mozilla doesn't plan to use oppsec for HTTP/1.1, at least
> >> in the short to medium term.
> >
> >
>

Received on Friday, 25 July 2014 03:30:25 UTC