Re: Remaining lifetime | Re: draft-ietf-httpbis-http2-encryption-06.txt

Martin Thomson <martin.thomson@gmail.com>: (Mon Jul 11 08:45:17 2016)
> On 5 July 2016 at 02:04, Kari Hurtta <hurtta-ietf@elmme-mailer.org> wrote:
> > Perhaps add to somewhere:
> >
> >   Remaining lifetime of origin object is origin object lifetime
> >   subtracted "current_age" of response. This is also remaining
> >   duration for opportunistic commitment ("tls-commit").
> 
> I had a look at this, and couldn't really see that it was necessary.
> The origin object is defined as being valid if the lifetime is greater
> than the current age.
> 
> The best I could come up with is this:
> 
>  A client SHOULD avoid sending requests via cleartext protocols or to
> unauthenticated alternative
> -services for the duration of the origin object lifetime, except to
> discover new potential
> -alternatives.
> +services while the origin object lifetime remains valid (see
> {{well-known}}), except to discover
> +new potential alternatives.
> 
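Review bot: In the added lines, "while the origin object lifetime remains valid" makes the lifetime the thing that is valid, whereas the reply above describes the origin object as valid if the lifetime is greater than the current age; consider "while the origin object remains valid (see {{well-known}})". The new wording also leaves the start of the interval entirely to the referenced section, so that section should state explicitly that the remaining duration is the lifetime less the current age of the response.
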
> But I'm not convinced that we need it.

Seems that my original comment was lost:

------------------------------------------------------------
https://tools.ietf.org/html/draft-ietf-httpbis-http2-encryption-06#section-6

|   o  The origin object has a "lifetime" member, whose value is a number
|      indicating the number of seconds which the origin object is valid
|      for (hereafter, the "origin object lifetime"), and
|
|   o  The origin object lifetime is greater than the "current_age" (as
|      per [RFC7234], Section 4.2.3).

I think that this does not say when the origin object's lifetime starts.
This seems to imply that the object lifetime starts from the point that the "current_age"
calculation uses, but that is not required.

Therefore I guess that remaining lifetime (and possible remaining commitment)

   = lifetime - "current_age"


But it seems that remaining commitment time
    = value of "lifetime"

is also possible reading.  This does not look dangerous.
------------------------------------------------------------


https://tools.ietf.org/html/draft-ietf-httpbis-http2-encryption-05
there was:

| commitment interval starts when the commitment is received and
| authenticated and runs for a number of seconds equal to value of the
| "tls-commit" member, less the current age of the http-opportunistic
| response 

Seems that currently that "less the current age of the http-opportunistic
response" is not explicitly mentioned. Or perhaps I missed something?

/ Kari Hurtta

Received on Monday, 11 July 2016 16:50:19 UTC
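
The two readings of remaining lifetime discussed in this message, as an added example that is not part of the original thread or of the draft: it computes "current_age" with the RFC 7234, Section 4.2.3 formulas and compares "lifetime - current_age" with a clock that starts at receipt. The `Response` class, the function names, the interpretation of the second reading and the sample timestamps are assumptions constructed for illustration.

```python
from dataclasses import dataclass


@dataclass
class Response:
    """Timing inputs named as in RFC 7234, Section 4.2.3 (seconds)."""
    date_value: float     # Date header field of the response
    age_value: float      # Age header field, 0 if absent
    request_time: float   # local clock when the request was sent
    response_time: float  # local clock when the response arrived


def current_age(r: Response, now: float) -> float:
    """current_age as calculated in RFC 7234, Section 4.2.3."""
    apparent_age = max(0.0, r.response_time - r.date_value)
    response_delay = r.response_time - r.request_time
    corrected_age_value = r.age_value + response_delay
    corrected_initial_age = max(apparent_age, corrected_age_value)
    resident_time = now - r.response_time
    return corrected_initial_age + resident_time


def origin_object_valid(lifetime: float, r: Response, now: float) -> bool:
    """Draft -06 rule: the lifetime is greater than current_age."""
    return lifetime > current_age(r, now)


def remaining_by_age(lifetime: float, r: Response, now: float) -> float:
    """Reading 1: remaining = lifetime - current_age."""
    return max(0.0, lifetime - current_age(r, now))


def remaining_from_receipt(lifetime: float, r: Response, now: float) -> float:
    """Reading 2 (assumed interpretation): the full lifetime counts from receipt."""
    return max(0.0, lifetime - (now - r.response_time))


# Constructed sample: a response that was already 600 s old in an
# intermediary cache when it arrived, carrying "lifetime": 3600.
SAMPLE = Response(date_value=1000, age_value=600,
                  request_time=1598, response_time=1600)
LIFETIME = 3600

if __name__ == "__main__":
    for now in (1600, 4600):  # at receipt, and 3000 s later
        print(now, current_age(SAMPLE, now),
              origin_object_valid(LIFETIME, SAMPLE, now),
              remaining_by_age(LIFETIME, SAMPLE, now),
              remaining_from_receipt(LIFETIME, SAMPLE, now))
```

With this sample, the second reading still reports time left after the validity rule has stopped holding; the gap between the two equals the age the response had accrued before it arrived.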