- From: Kari Hurtta <hurtta-ietf@elmme-mailer.org>
- Date: Tue, 28 Jun 2016 11:59:30 +0300 (EEST)
- To: HTTP working group mailing list <ietf-http-wg@w3.org>
- CC: Mark Nottingham <mnot@mnot.net>, Martin Thomson <martin.thomson@gmail.com>, Mike Bishop <Michael.Bishop@microsoft.com>, Kari Hurtta <hurtta-ietf@elmme-mailer.org>
https://tools.ietf.org/html/draft-ietf-httpbis-http2-encryption-06#section-5.1
Kari Hurtta <hurtta-ietf@elmme-mailer.org>: (Wed Jun 22 19:36:14 2016)
> | Including "tls-commit" creates a commitment to provide a secured
> | alternative service for the advertised period. Clients that receive
> | this commitment can assume that a secured alternative service will be
> | available for the origin object lifetime. Clients might however
> | choose to limit this time (see Section 5.3).
>
> This may create a variation of
>
> https://github.com/httpwg/http-extensions/issues/162
>
> Client limits commitment lifetime and therefore does not consider
> http-opportunistic for commitment, but otherwise
> http-opportunistic is valid because the "lifetime" member value is
> smaller than "current_age".
>
> Now this does not look very dangerous, because if http-opportunistic
> is used only for commitment, then there is no "tls-ports".
Better:
Clients might however choose to limit the origin object lifetime
https://tools.ietf.org/html/draft-ietf-httpbis-http2-encryption-06#section-5.3
| To avoid situations where a commitment causes errors, clients MAY
| limit the time over which a commitment is respected for a given
| origin.
this becomes:
limit the origin object lifetime (and that way limit the time over
which a commitment is respected for a given origin).
Not very critical if using "tls-ports" and "tls-commit"
on the same origin object is discouraged.
/ Kari Hurtta
Received on Tuesday, 28 June 2016 09:00:12 UTC
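The two readings discussed in the message, as an added illustration that is not code from the draft, the working group or the message's author: it assumes an origin object with the -06 members "tls-ports", "tls-commit" and "lifetime", a response age "current_age", and a client-chosen cap on how long a commitment is respected (all names below other than those three members are assumptions of this example). Reading 1 caps only the commitment, reading 2 caps the origin object lifetime as the message proposes.

```python
"""Client-side freshness model for an http-opportunistic origin object.

Added example, not from the draft or the thread. Assumed inputs: an origin
object with "tls-ports" (list of ports), "tls-commit" (bool) and "lifetime"
(seconds); the response's current_age (seconds); and commit_cap, a
client-chosen bound (seconds) on how long a commitment is respected, as
Section 5.3 of the draft allows. Member semantics beyond that are assumed.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class OriginObject:
    tls_ports: List[int]   # "tls-ports" member; empty list means absent
    tls_commit: bool       # "tls-commit" member
    lifetime: int          # "lifetime" member, seconds


@dataclass(frozen=True)
class Decision:
    use_tls_ports: bool      # may the client try the secured alternative?
    honor_commitment: bool   # is the commitment still in force for the client?


def policy_cap_commitment_only(obj: OriginObject, current_age: int,
                               commit_cap: int) -> Decision:
    """Reading 1: the client limits only the commitment period.

    The origin object stays fresh while current_age < lifetime, so
    "tls-ports" keeps being used after the client has stopped respecting
    "tls-commit". That split is the variation the message points at.
    """
    fresh = current_age < obj.lifetime
    use_ports = fresh and bool(obj.tls_ports)
    honor = fresh and obj.tls_commit and current_age < commit_cap
    return Decision(use_ports, honor)


def policy_cap_origin_lifetime(obj: OriginObject, current_age: int,
                               commit_cap: int) -> Decision:
    """Reading 2 (the message's proposal): the client limits the origin
    object lifetime itself, which limits the commitment as a side effect.

    With a committed object, ports and commitment now expire together.
    """
    effective = min(obj.lifetime, commit_cap) if obj.tls_commit else obj.lifetime
    fresh = current_age < effective
    use_ports = fresh and bool(obj.tls_ports)
    honor = fresh and obj.tls_commit
    return Decision(use_ports, honor)


def split_window(obj: OriginObject, commit_cap: int) -> Optional[Tuple[int, int]]:
    """Age range [start, end) during which reading 1 still uses "tls-ports"
    but no longer honors "tls-commit"; None when no such range exists.

    The range is empty when the object carries no ports or no commitment,
    which is why the message calls the commitment-only case not very
    dangerous.
    """
    if not obj.tls_ports or not obj.tls_commit or commit_cap >= obj.lifetime:
        return None
    return (commit_cap, obj.lifetime)


if __name__ == "__main__":
    # Constructed sample: a day-long object with ports and a commitment,
    # and a client that respects commitments for at most one hour.
    obj = OriginObject(tls_ports=[443], tls_commit=True, lifetime=86400)
    cap = 3600
    for age in (1800, 7200):
        print(age, policy_cap_commitment_only(obj, age, cap),
              policy_cap_origin_lifetime(obj, age, cap))
    print(split_window(obj, cap))
```

Under reading 1 the sample object is, at age 7200, still used for its ports but no longer for its commitment; under reading 2 both lapse at the capped lifetime, so a client never holds an object that is valid for one purpose and not the other.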