- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Fri, 4 Nov 2016 11:16:35 +1100
- To: Erik Nygren <erik@nygren.org>
- Cc: Kari Hurtta <hurtta-ietf@elmme-mailer.org>, HTTP working group mailing list <ietf-http-wg@w3.org>

On 3 November 2016 at 07:02, Erik Nygren <erik@nygren.org> wrote:
> An example of why this could be bad would be a CDN server that terminates
> both HTTP and HTTPS over TLS but demuxes them such that HTTPS requires TLS
> to content origin but HTTP is allowed to go cleartext to content origin.
> When a single TLS connection demuxes to a mixture of TLS and cleartext
> traffic, this feels like asking for increased trouble and attack surfaces.
> Prohibiting mixed-scheme on the incoming connection makes this feel much
> safer.

I am almost inclined to say that you don't get to use the feature if
you are concerned about this causing issues of that sort. Or, as some
of us have discussed, a new h2 setting that prohibits coalescing might
be a simpler option.

Kari's solution works, though it opens other possibilities, and I'm
concerned we're off down the rabbit hole again:

    { "http://...": "mixed-scheme",          --> open season
      "http://...": "single-scheme",         --> only one scheme per connection
      "http://...": "dedicated-connection" } --> only one origin per connection

Received on Friday, 4 November 2016 00:17:10 UTC