- From: Kari Hurtta <hurtta-ietf@elmme-mailer.org>
- Date: Sat, 4 Feb 2017 11:46:23 +0200 (EET)
- To: HTTP working group mailing list <ietf-http-wg@w3.org>
- CC: Kari Hurtta <hurtta-ietf@elmme-mailer.org>
Answer of this can be probably deduced from current text and I
do not suggest changes to text.
2.3. The "http-opportunistic" well-known URI
https://tools.ietf.org/html/draft-ietf-httpbis-http2-encryption-10#section-2.3
| This specification defines the "http-opportunistic" well-known URI
| [RFC5785]. A client is said to have a valid http-opportunistic
| response for a given origin when:
|
| o The client has requested the well-known URI from the origin over
| an authenticated connection and a 200 (OK) response was provided,
| and
|
| o That response is fresh [RFC7234] (potentially through revalidation
| [RFC7232]), and
|
| o That response has the media type "application/json", and
|
| o That response's payload, when parsed as JSON [RFC7159], contains
| an array as the root, and
|
| o The array contains a string that is a case-insensitive character-
| for-character match for the origin in question, serialised into
| Unicode as per Section 6.1 of [RFC6454].
| Allowing clients to cache the http-opportunistic resource means that
| all alternative services need to be able to respond to requests for
| "http" resources. A client is permitted to use an alternative
| service without acquiring the http-opportunistic resource from that
| service.
|
| A client MUST NOT use any cached copies of an http-opportunistic
| resource that was acquired (or revalidated) over an unauthenticated
| connection. To avoid potential errors, a client can request or
| revalidate the http-opportunistic resource before using any
| connection to an alternative service.
5.2.1.5. no-store
https://tools.ietf.org/html/rfc7234#section-5.2.1.5
| The "no-store" request directive indicates that a cache MUST NOT
| store any part of either this request or any response to it. This
| directive applies to both private and shared caches. "MUST NOT
| store" in this context means that the cache MUST NOT intentionally
| store the information in non-volatile storage, and MUST make a
| best-effort attempt to remove the information from volatile storage
| as promptly as possible after forwarding it.
If alternative servers uses
HEADERS
:status = 200
content-type = application/json
cache-control = no-store
DATA
+ END_STREAM
[ "http://www.example.com", "http://example.com" ]
on all /.well-known/http-opportunistic responses, can server assume
that client probes chosen alternative service for
/.well-known/http-opportunistic before starting using it.
2.1. Alternative Server Opt-In
https://tools.ietf.org/html/draft-ietf-httpbis-http2-encryption-10#section-2.1
| purposes of {RFC7838}}. In addition to authenticating the server,
| the client MUST have obtained a valid http-opportunistic response for
| an origin (as per Section 2.3) using the authenticated connection.
In other words is client allowed use http-opportunistic response
from another alternative service for that purpose, when response
was cache-control = no-store ?
I think that it is not possible to use response from another
alternative service on that case and therefore cache-control = no-store
implies that client must retrieve /.well-known/http-opportunistic
from chosen alternative service.
But of course I can be wrong.
/ Kari Hurtta
( Seems that "alternative server" and "alternative service"
are used on interchangeably. )
Received on Saturday, 4 February 2017 09:47:00 UTC