draft-ietf-httpbis-encryption-encoding from Kari Hurtta on 2016-12-22 (ietf-http-wg@w3.org from October to December 2016)

From: Kari Hurtta <hurtta-ietf@elmme-mailer.org>
Date: Thu, 22 Dec 2016 08:01:22 +0200 (EET)
To: HTTP working group mailing list <ietf-http-wg@w3.org>
CC: Kari Hurtta <hurtta-ietf@elmme-mailer.org>
Message-Id: <20161222060124.733EB1A95C@welho-filter4.welho.com>

https://tools.ietf.org/html/draft-ietf-httpbis-http2-encryption-09#section-2

|                   Connections that use client certificates for other
|   reasons MAY be reused, though client certificates MUST NOT affect the
|   responses to requests for "http" resources.

https://tools.ietf.org/html/draft-ietf-httpbis-http2-encryption-09#section-2.2

|   Clients MUST NOT send "http" requests and "https" requests on the
|   same connection. 

What are connections  that use client certificates for other reasons
because they can not be connections which are used for "https" requests ?

https://tools.ietf.org/html/draft-ietf-httpbis-http2-encryption-09#section-2.1

|   Clients MUST NOT send "http" requests over a secured connection,
|   unless the chosen alternative service presents a certificate that is
|   valid for the origin - as per [RFC2818] (this also establishes
|   "reasonable assurances" for the purposes of {RFC7838}}) - and they
|   have obtained a valid http-opportunistic response for an origin (as
|   per Section 2.3).

I'm not sure that this 

    "they have obtained a valid http-opportunistic response for an origin (as
    per Section 2.3)."

is saying.

This text or example after that seems not say from read /.well-known/http-opportunistic
need to be read. From original connection or from putative alternative service.
Or is it irrelevant?


|   For example, assuming the following request is made over a TLS
|   connection that is successfully authenticated for those origins, the
|   following request/response pair would allow requests for the origins
|   "http://www.example.com" or "http://example.com" to be sent using a
|   secured connection:
|
|   HEADERS
|     + END_STREAM
|     + END_HEADERS
|       :method = GET
|       :scheme = http
|       :path = /.well-known/http-opportunistic
|       host: example.com
|
|   HEADERS
|       :status = 200
|       content-type = application/json
|   DATA
|     + END_STREAM
|   [ "http://www.example.com", "http://example.com" ]



/ Kari Hurtta

Received on Thursday, 22 December 2016 06:01:53 UTC