- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Sun, 28 Jul 2024 07:02:52 +0200
- To: ietf-http-wg@w3.org
On 27.07.2024 16:44, Patrick Meenan wrote: > > > On Sat, Jul 27, 2024 at 4:23 AM Julian Reschke <julian.reschke@gmx.de > <mailto:julian.reschke@gmx.de>> wrote: > > On 26.07.2024 00:27, Josh Cohen wrote: > > On the httpwg agenda at IETF 120 were a proposal for a new QUERY > method > > and Braid, which has subscription functionality that overloads > the GET > > method. > > > > What I am curious about is if, at this point in the evolution of the > > web, it is now safe to add new methods for new functionality. > I've been > > reading up on HTTP/2/3 and it seems that nowadays, connections are > > end-to-end secure and are essentially tunneled through middle boxes, > > including HTTP/1.1 proxies. I'm still just wrapping my head around > > MASQUE, but it looks like it can handle arbitrary methods. Similarly > > origin servers have evolved to support arbitrary methods. > > It always has been "safe", when https was used. > > > https is not "safe" in practical terms because of middleboxes that > intercept the connections. It is very common in enterprise deployments > where they install local trust anchors on the client devices and use > mitm software to inspect the traffic. > ... I meant "safe" wrt deploying new HTTP methods. When was the last time you encountered a problem? Best regards, Julian
Received on Sunday, 28 July 2024 05:02:59 UTC