Re: [httpwg/http-extensions] Stream-linking frames can reference Stream Zero (#586)

HTTP issue updates <http-issues@ietf.org> Sun, 27 May 2018 04:53 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/MagVSBN8ySI_L9V3DR8MvoqPC7I>

MikeBishop commented on this pull request.



>  
-If the server does not have the desired certificate, it MUST \[see issue #564].
-In this case, or if the server has not advertised support for HTTP-layer
-certificates, the client MUST NOT send any requests for resources in that origin
-on the current connection.
+If the server does not have the desired certificate, it MUST send an empty
+`USE_CERTIFICATE` frame for stream zero.  In this case, or if the server has not
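
Review bot: In the added sentence, "an empty `USE_CERTIFICATE` frame for stream zero" leaves two things unspecified: what makes the frame empty (a zero-length payload, or an omitted certificate identifier), and whether "for stream zero" means the frame is sent on stream zero or that it names stream zero as the stream it applies to. Suggest stating the exact payload and which stream carries the frame, so that a client can tell this refusal apart from a malformed frame before it applies the MUST NOT that follows.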

Actually, "empty" probably needs to be clarified here.  In the previous draft (i.e. where things were on-stream with the request), you could omit the CertID and send a USE_CERTIFICATE with a length of zero, which meant "I don't have / choose not to provide the requested certificate.  Deal."

If ExpAuth gives us an authenticated denial, I'd be fine using it.  But I'm also fine if it doesn't -- the point of ExpAuth is proving possession, and I think declining to provide an authenticator is sufficient for our purposes.  This isn't DNSSEC where we want to authoritatively prove non-existence, we're just declining to supply a certificate (or, therefore, proof of possession).

-- 
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/pull/586#discussion_r191064735