Re: I-D Action: draft-ietf-httpbis-optimistic-upgrade-03.txt from Ben Schwartz on 2025-04-03 (ietf-http-wg@w3.org from April to June 2025)

From: Ben Schwartz <bemasc@meta.com>
Date: Thu, 3 Apr 2025 13:00:56 +0000
To: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-ID: <SA1PR15MB437022FB667152C2180F22D5B3AE2@SA1PR15MB4370.namprd15.prod.outlook.com>

Hi HTTPBIS,

This is an updated version of "Optimistic Upgrade" based on discussions at IETF 122.  The only changes in this version are again related to HTTP CONNECT in HTTP/1.1.  The guidance for that section now imposes mandatory requirement on both clients (who MUST wait for the 200 or send Connection: close) and servers (who MUST close the connection after rejecting a CONNECT request "when communicating with potentially vulnerable clients".

There are no more open issues for this draft.  I believe this draft is ready for WGLC.

--Ben Schwartz
________________________________
From: internet-drafts@ietf.org <internet-drafts@ietf.org>
Sent: Thursday, April 3, 2025 8:47 AM
To: i-d-announce@ietf.org <i-d-announce@ietf.org>
Cc: ietf-http-wg@w3.org <ietf-http-wg@w3.org>
Subject: I-D Action: draft-ietf-httpbis-optimistic-upgrade-03.txt

Internet-Draft draft-ietf-httpbis-optimistic-upgrade-03.txt is now available.
It is a work item of the HTTP (HTTPBIS) WG of the IETF.

   Title:   Security Considerations for Optimistic Protocol Transitions in HTTP/1.1
   Author:  Benjamin M. Schwartz
   Name:    draft-ietf-httpbis-optimistic-upgrade-03.txt
   Pages:   10
   Dates:   2025-04-03

Abstract:

   In HTTP/1.1, the client can request a change to a new protocol on the
   existing connection.  This document discusses the security
   considerations that apply to data sent by the client before this
   request is confirmed, and updates RFC 9298 to avoid related security
   issues.

The IETF datatracker status page for this Internet-Draft is:
https://urldefense.com/v3/__https://datatracker.ietf.org/doc/draft-ietf-httpbis-optimistic-upgrade/__;!!Bt8RZUm9aw!7l4ALZ8UtaiZgFFNOz53NH82vE_6imSwDcGxaGdBTft56aoirsiDHslxJcuB4V1gyw1r-V4lhonggsjdcRwYGg$

There is also an HTML version available at:
https://urldefense.com/v3/__https://www.ietf.org/archive/id/draft-ietf-httpbis-optimistic-upgrade-03.html__;!!Bt8RZUm9aw!7l4ALZ8UtaiZgFFNOz53NH82vE_6imSwDcGxaGdBTft56aoirsiDHslxJcuB4V1gyw1r-V4lhonggshyBZqYkg$

A diff from the previous version is available at:
https://urldefense.com/v3/__https://author-tools.ietf.org/iddiff?url2=draft-ietf-httpbis-optimistic-upgrade-03__;!!Bt8RZUm9aw!7l4ALZ8UtaiZgFFNOz53NH82vE_6imSwDcGxaGdBTft56aoirsiDHslxJcuB4V1gyw1r-V4lhonggsjMiprz0A$

Internet-Drafts are also available by rsync at:
rsync.ietf.org::internet-drafts

Received on Thursday, 3 April 2025 13:01:09 UTC