RE: draft-ietf-httpbis-alt-svc-latest, "9.5 Confusion Regarding Request Scheme"

Because of #2, I think you should further scope it -- Alt-Svc MUST NOT be used to advertise a different protocol if that protocol is not designed to carry the scheme.  In other words, HTTPS to HTTPS is fine, regardless of version.

-----Original Message-----
From: Julian Reschke [mailto:julian.reschke@gmx.de] 
Sent: Wednesday, August 5, 2015 11:48 AM
To: ietf-http-wg@w3.org
Subject: draft-ietf-httpbis-alt-svc-latest, "9.5 Confusion Regarding Request Scheme"

<http://greenbytes.de/tech/webdav/draft-ietf-httpbis-alt-svc-latest.html#rfc.section.9.5>:

"Alternative Services MUST NOT be advertised for a protocol that is not designed to carry the scheme. In particular, HTTP/1.1 over TLS cannot carry safely requests for http resources."

...which refers to the :scheme pseudo header field in HTTP/2 (<http://greenbytes.de/tech/webdav/rfc7540.html#HttpRequest>).

As far as I recall the intention of the statement above is to avoid that when alt-svc is used to move http traffic to a TLSsy port such as 443, the alternative server gets confused about whether it's serving HTTP or HTTPS.

Recently two questions have come up related to this, one raised by Stefan Eissing in the context of mod_h2, one off-line by people trying to use alt-svc for a case we may not have considered.

1) In reality, even when the protocol *does* carry the scheme (such as in HTTP/2), the *application* (think PHP running on top of Apache httpd) is so distant from the actual server stack that it wouldn't have that information. This is especially true as long as many servers shield applications from any knowledge about whether they are accessed over HTTP/1.1 or HTTP/2. (Speaking of which, HTTP/1.1 can carry this information as well, see <http://greenbytes.de/tech/webdav/rfc7230.html#absolute-form>).

2) The clause seems to be less relevant when alt-svc is used to load-balance HTTP/1.1 http*s* traffic.

DISCUSS! :-)

Received on Wednesday, 5 August 2015 19:07:03 UTC
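
The scheme confusion discussed in this thread, as an added example that is not part of either message: a server-side check showing that an HTTP/1.1 origin-form request arriving over TLS carries no scheme, so the scheme is inferred from the transport, while an absolute-form request target states it explicitly. The function names `request_scheme` and `scheme_confused` and the sample request lines are constructed for illustration.

```python
from urllib.parse import urlsplit


def request_scheme(request_line: str, transport_is_tls: bool) -> dict:
    """Return the scheme a server would attribute to an HTTP/1.1 request,
    and whether it came from the request itself or from the transport."""
    method, target, version = request_line.split(" ", 2)
    if target.startswith("/") or target == "*":
        # origin-form / asterisk-form: no scheme on the wire, so the
        # server can only infer it from whether the connection uses TLS.
        scheme = "https" if transport_is_tls else "http"
        return {"scheme": scheme, "source": "transport", "explicit": False}
    parts = urlsplit(target)
    if parts.scheme.lower() in ("http", "https") and parts.netloc:
        # absolute-form (RFC 7230): the scheme travels with the request.
        return {"scheme": parts.scheme.lower(),
                "source": "absolute-form", "explicit": True}
    raise ValueError("unsupported request-target form: %r" % target)


def scheme_confused(request_line: str, transport_is_tls: bool,
                    intended_scheme: str) -> bool:
    """True when the scheme the server attributes to the request differs
    from the scheme of the resource the client actually asked for."""
    seen = request_scheme(request_line, transport_is_tls)
    return seen["scheme"] != intended_scheme


# Constructed cases: (request line, arrives over TLS, scheme the client meant)
CASES = [
    # http resource sent to a TLS alternative in origin-form: indistinguishable
    # from an https request, which is the case section 9.5 is written against.
    ("GET /index.html HTTP/1.1", True, "http"),
    # Same resource, but absolute-form carries the scheme explicitly.
    ("GET http://example.com/index.html HTTP/1.1", True, "http"),
    # https resource moved to another https endpoint: nothing to confuse.
    ("GET /index.html HTTP/1.1", True, "https"),
]

if __name__ == "__main__":
    for line, tls, intended in CASES:
        info = request_scheme(line, tls)
        print(line, "->", info["scheme"], "via", info["source"],
              "| confused:", scheme_confused(line, tls, intended))
```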