draft-ietf-httpbis-alt-svc-latest, "9.5 Confusion Regarding Request Scheme"

<http://greenbytes.de/tech/webdav/draft-ietf-httpbis-alt-svc-latest.html#rfc.section.9.5>:

"Alternative Services MUST NOT be advertised for a protocol that is not 
designed to carry the scheme. In particular, HTTP/1.1 over TLS cannot 
carry safely requests for http resources."

...which refers to the :scheme pseudo header field in HTTP/2 
(<http://greenbytes.de/tech/webdav/rfc7540.html#HttpRequest>).

As far as I recall the intention of the statement above is to avoid that 
when alt-svc is used to move http traffic to a TLSsy port such as 443, 
the alternative server gets confused about whether it's serving HTTP or 
HTTPS.

Recently two questions came up related to this, one raised by Stefan 
Eissing in the context of mod_h2, one off-line by people trying to use 
alt-svc for a case we may have not considered.

1) In reality, even when the protocol *does* carry the scheme (such as 
in HTTP/2), the *application* (think PHP running on top of Apache httpd) 
is so distant from the actual server stack that it wouldn't have that 
information. This is especially true as long as many servers shield 
applications from any knowledge about whether they are accessed over 
HTTP/1.1 or HTTP/2. (Speaking of which, HTTP/1.1 can carry this 
information as well, see 
<http://greenbytes.de/tech/webdav/rfc7230.html#absolute-form>).

2) The clause seems to be less relevant when alt-svc is used to 
load-balance HTTP/1.1 http*s* traffic.

DISCUSS! :-)

Received on Wednesday, 5 August 2015 18:48:35 UTC
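
The scheme confusion discussed in the message above, as an added example that is not part of the original post or of the draft: it compares the scheme a request carries (the HTTP/2 :scheme pseudo header field, or an HTTP/1.1 absolute-form target) with what an application would guess from the transport alone. All function names and the sample requests are constructed for illustration.

```python
# Added example (hypothetical names): derive the request scheme from what the
# protocol carries rather than from whether the connection uses TLS.
from urllib.parse import urlsplit

def carried_scheme(version, target, pseudo_headers=None):
    """Scheme carried by the request itself, or None when it carries none."""
    if version == "HTTP/2":
        # HTTP/2 requests carry the scheme in the :scheme pseudo-header field.
        return (pseudo_headers or {}).get(":scheme")
    if "://" in target:
        # HTTP/1.1 absolute-form request target, e.g. "http://host/path".
        return urlsplit(target).scheme.lower()
    return None  # origin-form ("/path"): nothing in the request names the scheme

def transport_scheme(is_tls):
    """What an application sees when it only knows about the connection."""
    return "https" if is_tls else "http"

def assess(version, target, is_tls, pseudo_headers=None):
    """Classify one request as 'consistent', 'confused' or 'ambiguous'."""
    carried = carried_scheme(version, target, pseudo_headers)
    if carried is None:
        # Only the transport is left to guess from. Assumption: if http traffic
        # were moved to this TLS port, it would look identical to https here.
        return "ambiguous" if is_tls else "consistent"
    return "consistent" if carried == transport_scheme(is_tls) else "confused"

# Constructed sample requests, all arriving on a TLS port such as 443.
SAMPLES = [
    ("HTTP/2", "/", True, {":scheme": "http"}),        # http moved via alt-svc
    ("HTTP/2", "/", True, {":scheme": "https"}),       # ordinary https
    ("HTTP/1.1", "/index.html", True, None),           # origin-form over TLS
    ("HTTP/1.1", "http://example.com/", True, None),   # absolute-form over TLS
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample[0], sample[1], "->", assess(*sample))
```

A "confused" result marks a request where a transport-only guess would treat an http resource as https; "ambiguous" marks the HTTP/1.1 origin-form case where the request carries no scheme at all.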