Re: Alt-Svc WGLC

>> "Clients MUST NOT use unauthenticated alternative services with a host
>> that is different from the origin or authenticated alternative
>> services with a host that does not authenticate itself as the origin."
>
> I think that the second part is invariant, the first is an additional
> limitation on the use of alternative service advertisements that
> aren't properly authenticated.

The second part is bad wording.

What is the issue with the first part? My reading of the draft is that
we want to support the case in which an unauthenticated origin
provides an alternative service that *is* authenticated, just not the
case in which an unauthenticated origin provides an alternative
service that is also unauthenticated:

`This is the reason for the requirement in host_auth that any
alternative service with a host different to the origin's be strongly
authenticated with the origin's identity; i.e., presenting a
certificate for the origin proves that the alternative service is
authorized to serve traffic for the origin.`

I think we can actually skirt the confusion from the second part of my
previous proposal, and just slightly reword the existing text to more
closely match the wording in host_security:

"Clients MUST NOT use an alternative service with a host that is
different from the origin's without the alternative service strongly
authenticating with the origin's identity."

This admits:

 * unauth origin -> unauth alt svc on same host
 * unauth origin -> auth alt svc anywhere
 * auth origin -> auth alt svc anywhere

In isolation it also literally admits auth origin -> unauth alt svc on
same host, but that case is subject to the language in
changing-protocols around clients taking care about downgrading
security through the use of alternative services.

Kyle

Received on Tuesday, 12 January 2016 02:51:55 UTC
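As an added example that is not part of this thread or of the draft, the following Python helper parses an Alt-Svc field value (the draft's `protocol-id="host:port"; ma=...` member syntax, plus `clear`) and applies the reworded host_auth requirement to each alternative, so the three admitted cases and the two refused ones can be checked mechanically. Treating the authenticated-origin to unauthenticated-same-host case as a refused downgrade is an assumption of this example, following the changing-protocols caution, not text from the draft.

```python
import re
from dataclasses import dataclass
from typing import List
from urllib.parse import unquote

DEFAULT_MAX_AGE = 86400  # "ma" parameter default: 24 hours

@dataclass
class Alternative:
    protocol: str   # ALPN protocol id, e.g. "h2"
    host: str       # "" means the origin's own host
    port: int
    max_age: int

# one list member: protocol-id "=" quoted alt-authority, then ";"-separated parameters
_ALT = re.compile(r'^\s*([^=\s;,]+)\s*=\s*"([^"]*)"\s*(.*)$')
_PARAM = re.compile(r'^([^=\s;]+)\s*=\s*(?:"([^"]*)"|([^;\s]+))$')
_MEMBER_SEP = re.compile(r',(?=(?:[^"]*"[^"]*")*[^"]*$)')  # commas outside quotes

def parse_alt_svc(value: str) -> List[Alternative]:
    """Parse an Alt-Svc field value; "clear" yields no alternatives."""
    if value.strip() == "clear":
        return []
    alts = []
    for member in _MEMBER_SEP.split(value):
        m = _ALT.match(member)
        if not m:
            continue  # malformed member: skip it rather than guess
        protocol, authority, params = m.groups()
        host, sep, port = authority.rpartition(":")  # port is mandatory
        if not sep or not port.isdigit():
            continue
        max_age = DEFAULT_MAX_AGE
        for p in (p.strip() for p in params.split(";") if p.strip()):
            pm = _PARAM.match(p)
            if pm and pm.group(1).lower() == "ma":
                v = pm.group(2) if pm.group(2) is not None else pm.group(3)
                max_age = int(v) if v.isdigit() else max_age
        alts.append(Alternative(unquote(protocol), host.strip("[]"), int(port), max_age))
    return alts

def may_use(alt: Alternative, origin_host: str,
            origin_authenticated: bool, alt_authenticates_as_origin: bool) -> bool:
    """Reworded host_auth rule: a different-host alternative is usable only if it
    strongly authenticates with the origin's identity. Same-host alternatives are
    admitted, except that this example (an assumption) refuses the downgrade from
    an authenticated origin to an unauthenticated alternative."""
    if alt.host and alt.host.lower() != origin_host.lower():
        return alt_authenticates_as_origin
    return alt_authenticates_as_origin or not origin_authenticated
```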