- From: Willy Tarreau <w@1wt.eu>
- Date: Sat, 27 Jan 2024 08:16:46 +0100
- To: Tommy Pauly <tpauly@apple.com>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>
On Tue, Jan 23, 2024 at 09:41:39AM -0800, Tommy Pauly wrote: > Hello HTTP, > > This email starts a working group adoption call for "Security Considerations > for Optimistic Use of HTTP Upgrade", > draft-schwartz-httpbis-optimistic-upgrade. Notably, this updates RFC 9298 > (connect-udp, which was produced by the MASQUE WG) on how to handle HTTP > Upgrade, including to disallow optimistic data sending for HTTP/1.1. > > The document can be found here: > > https://datatracker.ietf.org/doc/draft-schwartz-httpbis-optimistic-upgrade/ > https://www.ietf.org/archive/id/draft-schwartz-httpbis-optimistic-upgrade-00.html > > This adoption call will last for 3 weeks, until Tuesday, February 13. Please > reply to this email with your reviews and comments, and whether or not you > think HTTPBIS should adopt this draft. I support adoption. Such a work has long been needed, there have been concerns around the risk of uploading data before the handshake completes since at least the work that led to WebSocket, where it was decided that the client had to make use of the server's response in part (but not only) to make sure it couldn't send before the 101 status was received. Thanks, Willy
Received on Saturday, 27 January 2024 07:16:55 UTC