Re: New Version Notification for draft-bishop-http2-extension-frames-00.txt

"Nicolas Mailhot" <nicolas.mailhot@laposte.net> Thu, 14 November 2013 11:39 UTC

Date: Thu, 14 Nov 2013 12:38:30 +0100
From: Nicolas Mailhot <nicolas.mailhot@laposte.net>
To: James M Snell <jasnell@gmail.com>
Cc: Nicolas Mailhot <nicolas.mailhot@laposte.net>, Mike Bishop <michael.bishop@microsoft.com>, HTTP Working Group <ietf-http-wg@w3.org>

On Tue, 12 November 2013 17:43, James M Snell wrote:
> Content filtering is a different matter entirely, and usually happens
> in a way that is content-sensitive.

I like "usually". The truth is that outside advertisers, the NSA and
Hollywood movies, the amount of content analysis done out there is very
minimal. There is known safe stuff, known unsafe stuff, a lot of probably
safe stuff, and
weird-stuff-we-dont-have-time-to-analyse-that-we-will-drop-for-now.

What I'm sure is that any part of the spec with "use this if you want to avoid
filtering" is certain to be abused sooner than later. Just like port 443
and https encapsulation have been abused widely as soon as it became clear
it avoided lots of controls.

> The kind of "silent dropping"
> that's being discussed here is indiscriminate, with no consideration
> being given to the frame content. The fact of the matter is that
> silently dropping end-to-end frames without understanding why they've
> been transmitted is extremely dangerous.

So is "blindly accept what you don't know". No security professional will
sign on such a proposal, since he has to justify why he let dangerous
traffic pass in case of incident.

-- 
Nicolas Mailhot