Re: New Version Notification for draft-thomson-http-replay-00.txt

Hi Willy,

On 27 July 2017 at 17:08, Willy Tarreau <> wrote:
> On Wed, Jul 26, 2017 at 02:19:29PM +1000, Martin Thomson wrote:
>> If Early-Data was omitted by the client, that would make it easier in
>> a sense.  Then an intermediary could tell if it was the first.
> If you remember that's exactly the conclusion that draw us to get rid
> of this header on the client during our first meeting. We noticed that
> it was wrong to have the client provide it because it would confuse
> chained intermediaries and in the end the only thing that matters is
> not how the request was *sent* but how it was *received*.

Yes, this was a good reason until Subodh convinced me that the race
was serious and that how the packet is received can be controlled by
an attacker to the extent necessary to confuse a server.

It's true that receipt is what matters ultimately.

I've updated the PR
( to capture this
nuance.  Hopefully it isn't awful.

Received on Thursday, 27 July 2017 07:15:43 UTC