SETTINGS_MIXED_SCHEME_PERMITTED | Re: I-D Action: draft-ietf-httpbis-http2-encryption-07.txt

Mike Bishop <>: (Tue Oct  4 20:38:45 2016)

> Taking a step back, what is the list of ports actually buying us now?  The port can be obtained by the client from the Alt-Svc header.  The fact that the port is legitimate and not hijacked is verified by finding that it has a certificate.  What we're actually confirming is that the origin supports mixed schemes.  The lifetime is already present in the Alt-Svc advertisement, and I haven't heard a compelling reason to have a separate lifetime.  Should we just define SETTINGS_MIXED_SCHEME_PERMITTED and call it a day?


SETTINGS_MIXED_SCHEME_PERMITTED is per connection. I assume that HTTP/2
server sends it on SETTINGS frame to HTTP/2 client (similar than what
I contemplated for SETTINGS_WEBSOCKET_CAPABLE at )

http-opportunistic response tells here that given port for that
origin handles http -scheme when sent via TLS. 

connection apply probably for several origins. TLS connection
may be terminated by reverse proxy. And different origins
are served by different processes or servers behind of
reverse proxy.


"tls-ports"  should perhaps now be "mixed-scheme-listeners" 
giving [ "alternative-server:port" ].

/ Kari Hurtta

Received on Wednesday, 5 October 2016 04:52:29 UTC