Re: h2 requirements on authoritative responses

On 3 September 2014 13:32, Roy T. Fielding <fielding@gbiv.com> wrote:
> A slight (editorial) suggestion:
>
>   Connections that are made to an origin server, either directly or
>   through a tunnel created using the <xref target="CONNECT">CONNECT method</xref>,
>   MAY be reused for requests with different URI authority components
>   if that origin server is also <xref target="authority">authoritative</xref>
>   for those other authority components.

Thanks.

> though this begs the question: why is this a MAY instead of a
> MUST NOT ... unless X?

Mainly because they are basically the same in effect, but a positively
worded statements is easier to comprehend.

A MUST NOT would require two exclusions: one for connections directly
to proxies (easy) and the other for origin servers that offer
credentials that are valid for the other domain.  It seems like a net
zero gain.

> First sentence seems a bit garbled.

That's because I botched up the copy paste in my haste.  The text I
have is instead

    For "https" resources, connection reuse additionally depends on
   having a certificate that is valid for the host in the URI.  A server
   might offer a certificate [...]

> I suggest using "origin server" here instead of server.

Thanks.

>> ADD:
>> +            A client that is configured to use a proxy directs
>> requests to that proxy through a
>> +            single connection.  That is, all requests sent via a
>> proxy reuse the connection to the
>> +            proxy.
>
> In general, I don't think the protocol should specify such things.
> A proxy might not even be using HTTP to its clients, for example.

Would limiting the scope to a proxy *using HTTP/2* suffice?  I think
that this is still of some use.

Received on Wednesday, 3 September 2014 20:49:41 UTC