- From: Willy Tarreau <w@1wt.eu>
- Date: Sat, 23 Sep 2017 06:34:16 +0200
- To: Kyle Rose <krose@krose.org>
- Cc: Benjamin Kaduk <bkaduk@akamai.com>, HTTP Working Group <ietf-http-wg@w3.org>

On Fri, Sep 22, 2017 at 12:38:17PM -0400, Kyle Rose wrote:
> On Fri, Sep 22, 2017 at 9:17 AM, Benjamin Kaduk <bkaduk@akamai.com> wrote:
> > "In some deployments the TLS server functionality is provided by a cluster
> > or pool of independent machines that share credentials and key material for
> > server authentication and session resumption, subject to some form of load
> > balancing. In order to safely process early data before the handshake
> > completes, such deployments also need to share a common algorithm for
> > determining whether a given HTTP request is safe to begin processing before
> > the handshake completes. A server MUST NOT act on early data before the
> > handshake completes if it belongs to such a cluster or pool and there is not
> > such an agreed algorithm for determining request safety.
>
> I don't think this is sufficient: the agreed-upon algorithm could be
> to accept if the server IP is odd and reject if the server IP is even,
> but that would violate the consistency constraint.
>
> I think we want something like "A server MUST NOT act on early data
> before the handshake completes if it and another server in the same
> cluster or pool could, given the same early data, disagree on whether
> to process that data prior to handshake completion or not."

I think it covers it all like this. I'd add "The same rule applies to
gateways". Benjamin's proposal is more exhaustive but I think that your
sentence above is sufficient considering that the expected actions are
already covered in the rest of the spec.

Willy

Received on Saturday, 23 September 2017 05:25:02 UTC
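
The difference between the two wordings discussed in this message, as an added example that is not part of the original thread or of any draft: a pool-wide check that flags any pair of servers that would decide differently on the same early data. The policy functions, the safe-method set, the pool addresses and the sample requests are all assumptions constructed for illustration.

```python
import ipaddress
from itertools import combinations

# Assumed shared policy for illustration: only these methods are
# treated as safe to process before the handshake completes.
SAFE_METHODS = frozenset({"GET", "HEAD", "OPTIONS"})

def policy_safe_method(node_ip, request):
    """Decision is a function of the early data only (node_ip is ignored)."""
    return request["method"] in SAFE_METHODS

def policy_ip_parity(node_ip, request):
    """The counter-example from the thread: every node runs the same
    'agreed algorithm', but its result depends on which node runs it."""
    return int(ipaddress.ip_address(node_ip)) % 2 == 1

def find_disagreements(policy, node_ips, requests):
    """Return (request, node_a, node_b) triples where two members of the
    pool would reach different decisions on the same early data."""
    conflicts = []
    for req in requests:
        decisions = {ip: policy(ip, req) for ip in node_ips}
        for a, b in combinations(node_ips, 2):
            if decisions[a] != decisions[b]:
                conflicts.append((f'{req["method"]} {req["path"]}', a, b))
    return conflicts

# Constructed sample pool (documentation address range) and requests.
POOL = ["192.0.2.10", "192.0.2.11", "192.0.2.12"]
EARLY_REQUESTS = [
    {"method": "GET", "path": "/index.html"},
    {"method": "POST", "path": "/transfer"},
]

if __name__ == "__main__":
    for name, policy in (("safe-method", policy_safe_method),
                         ("ip-parity", policy_ip_parity)):
        conflicts = find_disagreements(policy, POOL, EARLY_REQUESTS)
        status = "consistent" if not conflicts else f"{len(conflicts)} conflicts"
        print(f"{name}: {status}")
        for conflict in conflicts:
            print("   ", conflict)
```

Both policies satisfy a requirement that only asks for "an agreed algorithm"; only the first passes the pairwise check, which is the property the "could ... disagree" wording requires.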