Re: Invalid HTTP2 preface handling? from Greg Wilkins on 2015-02-11 (ietf-http-wg@w3.org from January to March 2015)

From: Greg Wilkins <gregw@intalio.com>
Date: Wed, 11 Feb 2015 15:15:38 +1100
To: Amos Jeffries <squid3@treenet.co.nz>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <CAH_y2NG5DtZ3zBP7FsUy392i8pcaHvTWvOdHODSi2gZ9vEZ_7g@mail.gmail.com>

On 11 February 2015 at 13:31, Amos Jeffries <squid3@treenet.co.nz> wrote:

>
> I agree with Mark completely about the 2.0 -> 1.1 transition being
> dangerous. 1.1 has a scary amount of legacy tolerances and gaps where
> nastiness can squeeze through.
>

I'm not really sure I see the difference between a 1.1 port being able to
opportunistically upgrade to 2.0 if it see a preface vs a 2.0 port doing a
downgrade if it sees as non-preface.    Both look the same to clients
regardless if they speak HTTP/1 or HTTP/2

Anyway, I've got my answer.  There is no specific threat, just a preference
to not allow such a simple upgrade/downgrade for the sake of prudence.    I
can accept that and while I'm still considering supporting a preface based
version switch, it will be a use-at-own-risk private feature.

cheers

-- 
Greg Wilkins <gregw@intalio.com>  @  Webtide - *an Intalio subsidiary*
http://eclipse.org/jetty HTTP, SPDY, Websocket server and client that scales
http://www.webtide.com  advice and support for jetty and cometd.

Received on Wednesday, 11 February 2015 04:16:07 UTC