Re: Sec-Scheme request header?

Mark Nottingham <mnot@mnot.net> Thu, 14 April 2016 08:05 UTC

From: Mark Nottingham <mnot@mnot.net>
In-Reply-To: <CAKXHy=e8yD=Ask4kR6zhH9-1YSOqJXexb1XaRjgTp0aMXTUiqw@mail.gmail.com>
Date: Thu, 14 Apr 2016 18:00:53 +1000
Cc: Martin Thomson <martin.thomson@gmail.com>, Patrick McManus <mcmanus@ducksong.com>, HTTP Working Group <ietf-http-wg@w3.org>
To: Mike West <mkwst@google.com>
Subject: Re: Sec-Scheme request header?
Archived-At: <http://www.w3.org/mid/A9541032-39B5-48CE-86B7-A04A7C84E75D@mnot.net>

> On 14 Apr 2016, at 5:52 PM, Mike West <mkwst@google.com> wrote:
> 
> I'm a little worried about terminating TLS somewhere, but carrying a "totally secure" indicator through various proxies and etc. until reaching an origin server. Doesn't that seem more confusing and problematic than status quo? "SSL added and removed here", and etc.

It's not a totally secure indicator; it's an indicator of what state the client is in WRT scheme. That state isn't explicit now, so server-side software has to guess.

This is something that would be really useful for disambiguating things in cases where the same server-side code is handling both HTTP and HTTPS URLs. 

The Opportunistic Security draft was one place this came up; I'm wondering if it'd be useful in other ways.

To be clear, I'm not pushing this, just wondering out loud.

Cheers,

--
Mark Nottingham   https://www.mnot.net/
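As an added example, not code from this thread or from any draft: a small Python model of the situation described above, where an origin behind a TLS-terminating proxy today has to guess the scheme from its socket and a proxy-supplied X-Forwarded-Proto, versus reading the client's own declared state from the proposed header. The "Sec-Scheme: http|https" value syntax, the TRUSTED_PROXIES set and the function names are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Mapping, Optional

# Constructed value: addresses of proxies we operate. Proxy-added headers
# are believed only when the TCP peer is one of these, since anyone else
# could have set them.
TRUSTED_PROXIES = {"10.0.0.5"}


def _get(headers: Mapping[str, str], name: str) -> Optional[str]:
    """Case-insensitive header lookup."""
    for k, v in headers.items():
        if k.lower() == name.lower():
            return v
    return None


def guessed_scheme(peer_ip: str, headers: Mapping[str, str], tls_on_socket: bool) -> str:
    """Status quo: infer the scheme from our own socket plus X-Forwarded-Proto,
    the latter only when it arrives from a trusted proxy."""
    xfp = _get(headers, "X-Forwarded-Proto")
    if peer_ip in TRUSTED_PROXIES and xfp:
        return xfp.split(",")[0].strip().lower()  # outermost hop is listed first
    return "https" if tls_on_socket else "http"


def declared_scheme(headers: Mapping[str, str]) -> Optional[str]:
    """The client's declared state via Sec-Scheme (assumed syntax: "http" or
    "https"); anything else is treated as absent rather than guessed at."""
    v = _get(headers, "Sec-Scheme")
    if v is not None and v.strip().lower() in ("http", "https"):
        return v.strip().lower()
    return None


@dataclass
class SchemeView:
    url_scheme: str      # what to use when reconstructing the request URL
    transport_tls: bool  # whether the path to us, as far as we can see, used TLS
    mismatch: bool       # client view and infrastructure view disagree


def resolve(peer_ip: str, headers: Mapping[str, str], tls_on_socket: bool) -> SchemeView:
    """Client's declared scheme wins for URL reconstruction; the transport view is
    kept separately. A mismatch is expected under opportunistic security (client
    says http, transport is TLS); the reverse (client says https, we saw plaintext
    from an untrusted peer) is the "SSL added and removed here" case worth logging."""
    guessed = guessed_scheme(peer_ip, headers, tls_on_socket)
    declared = declared_scheme(headers)
    return SchemeView(declared or guessed, guessed == "https",
                      declared is not None and declared != guessed)
```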