On Wed, Jul 22, 2015 at 10:46 AM, Stefan Eissing < stefan.eissing@greenbytes.de> wrote: > You assume that a client talks to a server and that these two determine > the security of the connection at connection setup. > > > But does it also imply that CDNs may only talk h2 to clients if the backend > connection they might possibly need is also h2 with all security > requirements followed? And if the backend connection needs to be > setup/reopened and fails some requirements, must all client connections be > dropped? > > unless I am seriously misunderstanding the state of the art (or your comment) the CDN presents itself as the origin (e.g. it has a TLS cert valid for the origin). Whether it satisfies a request locally, via gateway as some version of HTTP, or through gatewaying ftfp is immaterial to the communication with the client. The CDN-based-origin could speak h2 to the client in all those scenarios but it would have to do so over tls 1.2 and with a cipher suite acceptable to rfc 7540. > , I think this is not some esoteric gedankenmodell, but a real world > scenario. > I don't know what that means (beyond the obvious guess), but I like the way it sounds in my head :)Received on Wednesday, 22 July 2015 09:06:47 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:46 UTC