- From: Lou Steinberg <lou@ctminsights.com>
- Date: Sat, 7 Jul 2018 19:34:20 -0400
- To: HTTP Working Group <ietf-http-wg@w3.org>
- Cc: "Brzozowski, John Jason" <jjmb@jjmb.com>, Mike Bishop <mbishop@evequefou.be>

Hi Folks-

We want to offer a quick update and note of support for SNI alt services in advance of the Montreal meeting.

A group of tech leaders from Akamai, Bloomberg, Comcast, CTM (formerly TD Ameritrade), Google, NS1, and Squarespace have been working on a method to create short-lived, pairwise trust relationships between clients and destinations. A number of us have dealt with large-scale DDoS attacks, and we believe that this approach has significant benefits in mitigating their impact.

We built a proof of concept and tested the effectiveness, performance and resiliency of our ideas. We then documented and submitted draft-jjmb-httpbis-trusted-traffic-00.txt to share with the broader community. Some of the feedback received pointed us to SNI Alternative Services (draft-bishop-httpbis-sni-altsvc-02) as another way to implement the distribution and assertion of our tokens.

We have since successfully tested Alternative Services (RFC7838) as a mechanism to distribute a token from an origin and to redirect the client to a transparent proxy in front of the origin that serves as one of our edge "validators". We intend to publish an implementation report draft describing our experiences.

We believe that the "SNI" parameter in sni-altsvc provides a good mechanism in our model for a client to assert to a validator that it is trusted, and would like to offer our support for continued consideration and advancement of that draft. We assume this group is interested in real-world use cases and expressions of support for in-flight drafts.

Thanks!

Lou Steinberg
John Brzozowski

--
---
Lou Steinberg
Managing Partner
CTM Insights, llc

Received on Saturday, 7 July 2018 23:47:22 UTC