- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Tue, 3 Jul 2018 09:46:23 +1000
- To: Mark Nottingham <mnot@mnot.net>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>, "Ludin, Stephen" <sludin@akamai.com>, Nick Sullivan <nick@cloudflare.com>
Did you want to hint at what you might do when you receive one of these things? That is, is there a 5xx-series status code that a CDN might use if it recognizes itself in the header field? As Patrick mentioned, Via is abused in ways that can be fairly invasive. Aside from the obvious question of how this time it will be different, which might be addressed with more text, are there some missing privacy considerations? On Mon, Jul 2, 2018 at 5:04 PM Mark Nottingham <mnot@mnot.net> wrote: > > (Co-author hat on) > > For interest / discussion. This is a proposal for a minimal mechanism to avoid loop attacks and misconfigurations against CDNs. Feedback appreciated. > > Cheers, > > > Begin forwarded message: > > From: internet-drafts@ietf.org > Subject: New Version Notification for draft-cdn-loop-prevention-00.txt > Date: 27 June 2018 at 2:12:46 pm AEST > To: "Stephen Ludin" <sludin@akamai.com>, "Mark Nottingham" <mnot@fastly.com>, "Nick Sullivan" <nick@cloudflare.com> > > > A new version of I-D, draft-cdn-loop-prevention-00.txt > has been successfully submitted by Mark Nottingham and posted to the > IETF repository. > > Name: draft-cdn-loop-prevention > Revision: 00 > Title: CDN Loop Prevention > Document date: 2018-06-27 > Group: Individual Submission > Pages: 5 > URL: https://www.ietf.org/internet-drafts/draft-cdn-loop-prevention-00.txt > Status: https://datatracker.ietf.org/doc/draft-cdn-loop-prevention/ > Htmlized: https://tools.ietf.org/html/draft-cdn-loop-prevention-00 > Htmlized: https://datatracker.ietf.org/doc/html/draft-cdn-loop-prevention > > > Abstract: > This specification defines the CDN-Loop request header field for > HTTP. > > > -- > Mark Nottingham https://www.mnot.net/ >
Received on Monday, 2 July 2018 23:47:03 UTC