- From: Willy Tarreau <w@1wt.eu>
- Date: Fri, 28 Jul 2017 06:32:57 +0200
- To: Martin Thomson <martin.thomson@gmail.com>
- Cc: Benjamin Kaduk <bkaduk@akamai.com>, Kazuho Oku <kazuhooku@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>
On Fri, Jul 28, 2017 at 09:37:37AM +1000, Martin Thomson wrote: > The requirement to treat requests consistently is something we should > retain no matter what the outcome of this discussion is. This can be one of the strong prerequisites in the spec. After all the problem is generalized. Early data come with high risks of replay and every user need to be careful when using them, both clients which should only use it for safe requests, and servers which need to be prepared to handle it safely. The reason I refused to implement support for this in haproxy precisely is because of the lack of a strict policy around it making it dangerous. If the text is strong enough and the risks are clear, it can really be a great feature. Willy
Received on Friday, 28 July 2017 04:33:26 UTC