Re: I-D Action: draft-ietf-httpbis-optimistic-upgrade-01.txt from Ben Schwartz on 2024-10-22 (ietf-http-wg@w3.org from October to December 2024)

From: Ben Schwartz <bemasc@meta.com>
Date: Tue, 22 Oct 2024 15:51:29 +0000
To: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-ID: <SA1PR15MB43708B557C593A60D7352DE0B34C2@SA1PR15MB4370.namprd15.prod.outlook.com>

Hi HTTPBIS,

This version contains significant changes to the Optimistic Upgrade draft:

* The draft now covers both Upgrade and CONNECT.  Accordingly, it has a new title: "Security Considerations for Optimistic Protocol Transitions in HTTP/1.1" (https://github.com/httpwg/http-extensions/issues/2817)
* We don't seem to have consensus on the formal status of "Upgrade: HTTP/*.*".  To avoid getting stuck in that quagmire, I've removed all mention of it from the draft.  (https://github.com/httpwg/http-extensions/issues/2737)
* More discussion of why optimistic use of "Upgrade: TLS/*.*" is forbidden but also probably safe. (https://github.com/httpwg/http-extensions/pull/2828)
* Recommending using "GET" for Upgrade when the method is irrelevant. (https://github.com/httpwg/http-extensions/issues/2738)

I believe this draft is ready for WGLC.

--Ben
________________________________
From: internet-drafts@ietf.org <internet-drafts@ietf.org>
Sent: Monday, October 21, 2024 5:17 PM
To: i-d-announce@ietf.org <i-d-announce@ietf.org>
Cc: ietf-http-wg@w3.org <ietf-http-wg@w3.org>
Subject: I-D Action: draft-ietf-httpbis-optimistic-upgrade-01.txt

Internet-Draft draft-ietf-httpbis-optimistic-upgrade-01.txt is now available.
It is a work item of the HTTP (HTTPBIS) WG of the IETF.

   Title:   Security Considerations for Optimistic Protocol Transitions in HTTP/1.1
   Author:  Benjamin M. Schwartz
   Name:    draft-ietf-httpbis-optimistic-upgrade-01.txt
   Pages:   9
   Dates:   2024-10-21

Abstract:

   In HTTP/1.1, the client can request a change to a new protocol on the
   existing connection.  This document discusses the security
   considerations that apply to data sent by the client before this
   request is confirmed, and updates RFC 9298 to avoid related security
   issues.

The IETF datatracker status page for this Internet-Draft is:
https://urldefense.com/v3/__https://datatracker.ietf.org/doc/draft-ietf-httpbis-optimistic-upgrade/__;!!Bt8RZUm9aw!-v37H0tfE3_1ob9_H9OD5dvbOhQyIAJ6jecXLKdEIhCOST7pQrd-1KGkwBSjho6lON319dQBD2Dun_SOpy0_YQ$

There is also an HTML version available at:
https://urldefense.com/v3/__https://www.ietf.org/archive/id/draft-ietf-httpbis-optimistic-upgrade-01.html__;!!Bt8RZUm9aw!-v37H0tfE3_1ob9_H9OD5dvbOhQyIAJ6jecXLKdEIhCOST7pQrd-1KGkwBSjho6lON319dQBD2Dun_Q_O7X7sA$

A diff from the previous version is available at:
https://urldefense.com/v3/__https://author-tools.ietf.org/iddiff?url2=draft-ietf-httpbis-optimistic-upgrade-01__;!!Bt8RZUm9aw!-v37H0tfE3_1ob9_H9OD5dvbOhQyIAJ6jecXLKdEIhCOST7pQrd-1KGkwBSjho6lON319dQBD2Dun_RLfpPBvg$

Internet-Drafts are also available by rsync at:
rsync.ietf.org::internet-drafts

Received on Tuesday, 22 October 2024 15:51:36 UTC