W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2015

Re: HTTP2 server-side stream creation

From: Cory Benfield <cory@lukasa.co.uk>
Date: Fri, 10 Jul 2015 20:39:30 +0100
Cc: ietf-http-wg@w3.org
Message-Id: <216D9236-DE46-40E8-BEE2-3FA6806DA984@lukasa.co.uk>
To: Amos Jeffries <squid3@treenet.co.nz>

> On 10 Jul 2015, at 19:05, Amos Jeffries <squid3@treenet.co.nz> wrote:
> 
> On 11/07/2015 2:12 a.m., Stefan Eissing wrote:
>> 
>> A bit more thinking: this whole server-side creation can only work when
>> there are *no* concentrating intermediates involved, right? Where would a 
>> proxy forward the server stream to?
> 
> Any client who both advertised willingness to be a server and had the
> right :authority.

So this is a good idea. However, this raises an important question: how do we trust a client that asserts validity for a specific :authority? There’s a risk here of being able to ‘intercept’ messages by asserting that I’m a valid destination for an :authority that some other client is also using.

It might be that we think this is OK: HTTP/2 P2P is likely to be used only in a trusted environment. Alternatively, we could come up with some other requirement: for example, the client might need to provide a TLS client certificate that is valid for the :authority it is asserting.

Ideas would be valuable here.

>> Otherwise clients would need to allocate some sort of name at proxies
>> and then proxies need to inspect new HEADERs for matching :authority and
>> it gets only uglier from there...
>> 
> 
> Yep. Certainly gets nasty. Not impossible, just really nasty.
> 
> I can forsee some error status being used a lot to reject
> server-initiated requests to clients who disappeared already.

This feels like a good addition. Got a name you feel like using?

Cory
Received on Friday, 10 July 2015 19:40:02 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:45 UTC