Re: HTTP2 server-side stream creation

On 13 July 2015 at 09:07, Stefan Eissing <> wrote:
> So, the issue remains with server-initiated streams to define what they exactly connect against. In the case of special data backend server connections, this might be clear by the configuration of it, so outside of protocol context. And for that it is useful, no doubt. For it to work in the wild net, something is missing, I think.

Yeah, I think that's the question: if the client says "Hey, you can
send me requests too, I'm authority", what reason does the
server have to trust that statement? It might be possible to do some
fun stuff with TLS client certificates here, but it'd be nice if we
had a plaintext solution too.

Maybe it's enough to say that the server MUST have some out-of-band
reason to believe the client is validly representing that authority,
and suggest some options. Those options could be TLS client certs,
service discovery mechanisms, reverse DNS, etc.

Received on Monday, 13 July 2015 08:22:19 UTC