Re: 2.2. Interaction with "https" URIs | Re: Op-sec simplification

Kari Hurtta <hurtta-ietf@elmme-mailer.org> Thu, 10 November 2016 05:11 UTC

To: Martin Thomson <martin.thomson@gmail.com>
Date: Thu, 10 Nov 2016 07:07:15 +0200
Sender: hurtta@siilo.fmi.fi
From: Kari Hurtta <hurtta-ietf@elmme-mailer.org>
CC: Kari Hurtta <hurtta-ietf@elmme-mailer.org>, Erik Nygren <erik@nygren.org>, HTTP working group mailing list <ietf-http-wg@w3.org>
Archived-At: <http://www.w3.org/mid/201611100507.uAA57Fxu002120@shell.siilo.fmi.fi>

[ was
  To: Kari Hurtta <hurtta-ietf@elmme-mailer.org>
  cc: Erik Nygren <erik@nygren.org>, 
                HTTP working group mailing list <ietf-http-wg@w3.org>
]

Martin Thomson <martin.thomson@gmail.com>: (Sat Nov  5 23:51:10 2016)
> On 4 November 2016 at 15:23, Kari Hurtta <hurtta-ietf@elmme-mailer.org> wrote:
> > Only one origin per connection ("dedicated-connection") is
> > better to use some other mechanism because that looks like
> > something which is not limited to Opportunistic HTTP Security.
> > It looks like something which is wanted also for "https".
> 
> 
> Yeah, I'm wondering if this isn't a) enough for this mixed scheme
> concern, and b) enough for the origin frame.

I do not know.

If that does not is like:

« We can't support/use "Opportunistic HTTP Security"
  because of concern XXX. Resolution of concern XXX
  requires support of "other mechanism" (not on
  "Opportunistic HTTP Security") and if our client
  supports "Opportunistic HTTP Security"
  that is no indication of support of "other mechanism". »

I'm also just wondering.

/ Kari Hurtta