Re: HTTP profile for TLS 1.3 0-RTT early data? from Patrick McManus on 2017-05-11 (ietf-http-wg@w3.org from April to June 2017)

From: Patrick McManus <mcmanus@ducksong.com>
Date: Wed, 10 May 2017 20:34:30 -0400
To: Mark Nottingham <mnot@mnot.net>
Cc: Erik Nygren <erik@nygren.org>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>, "Ponec, Miroslav" <mponec@akamai.com>, "Kaduk, Ben" <bkaduk@akamai.com>
Message-ID: <CAOdDvNpM6ncmz8R6kQOmYC_MKS7qz_BVPbjE0jifG+jb4DdrxQ@mail.gmail.com>

On Wed, May 10, 2017 at 8:23 PM, Mark Nottingham <mnot@mnot.net> wrote:

> > 4) Perhaps a general HTTP request header for indicating that requests
> were received via 0RTT early data (such as Cloudflare's "Cf-0rtt-Unique"
> header).  This would be useful for both load balancers communicating to
> application servers, as well as for CDNs communicating to origin servers.
> This would presumably interact with #2 in cases where the appserver or
> origin wanted to force a client to retry via 1-RTT.
>
> Seems reasonable. Then you could Vary on it. *evil grin*
>


this has some terrible hpack interactions if replay isn't really replay of
the same byte stream.

Received on Thursday, 11 May 2017 00:35:05 UTC