- From: Mahesh Jethanandani via Datatracker <noreply@ietf.org>
- Date: Fri, 12 Sep 2025 21:53:48 -0700
- To: "The IESG" <iesg@ietf.org>
- Cc: draft-ietf-httpbis-optimistic-upgrade@ietf.org, httpbis-chairs@ietf.org, ietf-http-wg@w3.org, tpauly@apple.com, tpauly@apple.com
Mahesh Jethanandani has entered the following ballot position for draft-ietf-httpbis-optimistic-upgrade-05: No Objection

When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)

Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-httpbis-optimistic-upgrade/

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

I also agree with Gorry that the abstract wording could be updated to explain the true purpose of the document.

Section 5.3

> A client MAY optimistically start sending UDP packets in HTTP Datagrams before receiving the response to its UDP proxying request, but only if the HTTP version in use is HTTP/2 or later. Clients MUST NOT send UDP packets optimistically in HTTP/1.x due to the risk of request smuggling attacks.

The guidelines for the client are great, but shouldn’t there be a similar requirement for the server? Something along the lines of “If a server is receiving UDP packets optimistically in a session that is HTTP/1.1 and has received an Upgrade Request but has not responded to that request, it should drop all the UDP packets received optimistically”. Something similar should be mentioned in Section 7 for the CONNECT method also.
Received on Saturday, 13 September 2025 04:53:52 UTC
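
The server-side rule proposed in the comment above can be pictured with a toy HTTP/1.1 connection loop. This is an added example, not part of the original message and not code from the draft or from any HTTP implementation. The helpers `split_head`, `wants_upgrade` and `serve`, the `drop_optimistic` switch and the sample bytes are all hypothetical and constructed for illustration.

```python
# Added illustration; not code from the draft or from any HTTP server.
UPGRADE_REQ = (b"GET /.well-known/masque/udp/192.0.2.6/443/ HTTP/1.1\r\n"
               b"Host: example.org\r\nConnection: Upgrade\r\n"
               b"Upgrade: connect-udp\r\nCapsule-Protocol: ?1\r\n\r\n")
# Constructed bytes sent before any response arrived. On HTTP/1.1 nothing
# marks them as tunnel data, so they can look like another request.
OPTIMISTIC = b"GET /second HTTP/1.1\r\nHost: example.org\r\n\r\n"

def split_head(buf):
    """Split off the first request head; None if no complete head remains."""
    head, sep, rest = buf.partition(b"\r\n\r\n")
    return (head.decode("latin-1").split("\r\n"), rest) if sep else None

def wants_upgrade(lines):
    """True if the head carries 'Connection: upgrade' and an Upgrade header."""
    hdrs = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        hdrs[name.strip().lower()] = value.strip().lower()
    tokens = [t.strip() for t in hdrs.get("connection", "").split(",")]
    return "upgrade" in tokens and "upgrade" in hdrs

def serve(buf, accept_upgrade, drop_optimistic):
    """Return (request lines handled as HTTP/1.1, tunnelled bytes, dropped count)."""
    handled = []
    while (parsed := split_head(buf)) is not None:
        lines, buf = parsed
        handled.append(lines[0])
        if not wants_upgrade(lines):
            continue
        if drop_optimistic:
            # Proposed rule: nothing received before the response is used.
            return handled, b"", len(buf)
        if accept_upgrade:
            return handled, buf, 0      # 101 sent: the rest is tunnel payload
        # Upgrade rejected, connection kept: the rest is parsed as HTTP/1.1.
    return handled, b"", 0

if __name__ == "__main__":
    stream = UPGRADE_REQ + OPTIMISTIC
    print(serve(stream, accept_upgrade=False, drop_optimistic=False))
    print(serve(stream, accept_upgrade=False, drop_optimistic=True))
```

Without the drop rule, a rejected upgrade leaves the early bytes to be handled as a second HTTP/1.1 request; with it, they are counted as dropped and never reach the parser or the tunnel.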