- From: Mike Bishop <Michael.Bishop@microsoft.com>
- Date: Thu, 22 Jun 2017 17:38:24 +0000
- To: Martin Thomson <martin.thomson@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>
I like most of it, but the second paragraph in 5 seems a little hand-wavy. The gateway is supposed to "know" the server supports this new standard, which it can only fully do if it has received a 4NN in the past, which would only happen if it knew in the past, which.... Chicken, meet egg.

The gateway can make that presumption if the server accepts a 0-RTT connection from the gateway, but that presumes the gateway is maintaining enough state to do 0-RTT itself to all origin servers, which might be a big claim depending how much traffic it deals with to what set of origins. (Or perhaps simply if the gateway has ever seen an early_data extension from the server in a NST message...?)

-----Original Message-----
From: Martin Thomson [mailto:martin.thomson@gmail.com]
Sent: Thursday, June 22, 2017 12:27 AM
To: HTTP Working Group <ietf-http-wg@w3.org>
Subject: Fwd: New Version Notification for draft-thomson-http-replay-00.txt

HTTP folks,

Mark, Willy, and I have put together a draft that describes how HTTP works with early data (or 0-RTT).

There's nothing revolutionary here, but we went through all the intermediary scenarios and ensured that we have them covered. The main thing of interest is the technique we recommend for avoiding exposure to replay attack.

--Martin

---------- Forwarded message ----------
From: <internet-drafts@ietf.org>
Date: 22 June 2017 at 16:50
Subject: New Version Notification for draft-thomson-http-replay-00.txt

Name: draft-thomson-http-replay
Revision: 00
Title: Using Early Data in HTTP
Document date: 2017-06-22
Group: Individual Submission
Pages: 9
URL: https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Finternet-drafts%2Fdraft-thomson-http-replay-00.txt&data=02%7C01%7CMichael.Bishop%40microsoft.com%7C3f8983c295e54bd6332f08d4b940c8e2%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636337135275461846&sdata=PzRzDrRbGbyRBEkEJAMyTAUa5o1NDJTOxDUW6ShTEbg%3D&reserved=0
Status: https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-thomson-http-replay%2F&data=02%7C01%7CMichael.Bishop%40microsoft.com%7C3f8983c295e54bd6332f08d4b940c8e2%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636337135275471854&sdata=FYx1nWuacnPEr8WsC6y0KxNyB3xKd0NSLH4IPsCtH8M%3D&reserved=0
Htmlized: https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftools.ietf.org%2Fhtml%2Fdraft-thomson-http-replay-00&data=02%7C01%7CMichael.Bishop%40microsoft.com%7C3f8983c295e54bd6332f08d4b940c8e2%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636337135275471854&sdata=AVs8k1VgG9t7XSayv2PmP%2BdtT5lafiYsrJOj0xwbK7g%3D&reserved=0
Htmlized: https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Fdraft-thomson-http-replay-00&data=02%7C01%7CMichael.Bishop%40microsoft.com%7C3f8983c295e54bd6332f08d4b940c8e2%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636337135275471854&sdata=LLjMqfDYlMHTYg3fEFbIMm%2FsAQuiMqXOpUs%2F1cEH9uQ%3D&reserved=0

Abstract:
This document explains the risks of using early data for HTTP and describes techniques for reducing them. In particular, it defines a mechanism that enables clients to communicate with servers about early data, to assure correct operation.

Received on Thursday, 22 June 2017 17:38:58 UTC
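
The bootstrapping question raised in the message above, as an added example that is not part of the thread or of the draft: a toy gateway that forwards an early-data request only to origins it already "knows", run once with 4NN as its only learning signal and once with the session-ticket signal. The class, method and field names and the `origin.example` host are hypothetical, and the origin is assumed to answer 4NN to every request the gateway marks as early data.

```python
# Toy model (added example): how a gateway could come to "know" that an origin
# understands the draft's mechanism. All names here are hypothetical.
from dataclasses import dataclass, field


@dataclass
class Origin:
    supports_mechanism: bool
    nst_early_data: bool = False  # NewSessionTicket carried early_data

    def handle(self, marked_early: bool) -> str:
        # Assumption: a supporting origin answers 4NN to a request the gateway
        # marked as early data; anything else is processed normally.
        return "4NN" if marked_early and self.supports_mechanism else "200"


@dataclass
class Gateway:
    learn_from_nst: bool
    known: set = field(default_factory=set)

    def connect(self, name: str, origin: Origin) -> None:
        # Handshake-time signal: early_data seen in the origin's session ticket.
        if self.learn_from_nst and origin.nst_early_data:
            self.known.add(name)

    def on_early_request(self, name: str, origin: Origin) -> str:
        if name not in self.known:
            # Support unknown: wait for the client handshake to finish, then
            # forward unmarked. The origin never has a reason to send 4NN.
            return "held:" + origin.handle(marked_early=False)
        status = origin.handle(marked_early=True)
        if status == "4NN":
            self.known.add(name)  # the only signal in the 4NN-only policy
        return "forwarded:" + status


def simulate(learn_from_nst: bool, requests: int = 5):
    origin = Origin(supports_mechanism=True, nst_early_data=True)
    gw = Gateway(learn_from_nst=learn_from_nst)
    gw.connect("origin.example", origin)
    results = [gw.on_early_request("origin.example", origin) for _ in range(requests)]
    return results, sorted(gw.known)


if __name__ == "__main__":
    print(simulate(learn_from_nst=False))  # 4NN-only: never learns
    print(simulate(learn_from_nst=True))   # ticket signal: learns at connect
```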