W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2017

RE: New Version Notification for draft-thomson-http-replay-00.txt

From: Mike Bishop <Michael.Bishop@microsoft.com>
Date: Thu, 22 Jun 2017 17:38:24 +0000
To: Martin Thomson <martin.thomson@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <MWHPR21MB01414FC02F408FA5535F24C987DB0@MWHPR21MB0141.namprd21.prod.outlook.com>
I like most of it, but the second paragraph in 5 seems a little hand-wavy.  The gateway is supposed to "know" the server supports this new standard, which it can only fully do if it has received a 4NN in the past, which would only happen if it knew in the past, which....  Chicken, meet egg.

The gateway can make that presumption if the server accepts a 0-RTT connection from the gateway, but that presumes the gateway is maintaining enough state to do 0-RTT itself to all origin servers, which might be a big claim depending how much traffic it deals with to what set of origins.  (Or perhaps simply if the gateway has ever seen an early_data extension from the server in a NST message...?)

-----Original Message-----
From: Martin Thomson [mailto:martin.thomson@gmail.com] 
Sent: Thursday, June 22, 2017 12:27 AM
To: HTTP Working Group <ietf-http-wg@w3.org>
Subject: Fwd: New Version Notification for draft-thomson-http-replay-00.txt

HTTP folks,

Mark, Willy, and I have put together a draft that describes how HTTP works with early data (or 0-RTT).

There's nothing revolutionary here, but we went through all the intermediary scenarios and ensured that we have them covered.  The main thing of interest is the technique we recommend for avoiding exposure to replay attack.


---------- Forwarded message ----------
From:  <internet-drafts@ietf.org>
Date: 22 June 2017 at 16:50
Subject: New Version Notification for draft-thomson-http-replay-00.txt

Name:           draft-thomson-http-replay
Revision:       00
Title:          Using Early Data in HTTP
Document date:  2017-06-22
Group:          Individual Submission
Pages:          9
Status:         https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-thomson-http-replay%2F&data=02%7C01%7CMichael.Bishop%40microsoft.com%7C3f8983c295e54bd6332f08d4b940c8e2%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636337135275471854&sdata=FYx1nWuacnPEr8WsC6y0KxNyB3xKd0NSLH4IPsCtH8M%3D&reserved=0
Htmlized:       https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftools.ietf.org%2Fhtml%2Fdraft-thomson-http-replay-00&data=02%7C01%7CMichael.Bishop%40microsoft.com%7C3f8983c295e54bd6332f08d4b940c8e2%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636337135275471854&sdata=AVs8k1VgG9t7XSayv2PmP%2BdtT5lafiYsrJOj0xwbK7g%3D&reserved=0

   This document explains the risks of using early data for HTTP and
   describes techniques for reducing them.  In particular, it defines a
   mechanism that enables clients to communicate with servers about
   early data, to assure correct operation.

Received on Thursday, 22 June 2017 17:38:58 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:15:03 UTC