Re: #144: Attacks from Same Host (OppSec)

Martin Thomson <martin.thomson@gmail.com> Thu, 03 March 2016 00:20 UTC

From: Martin Thomson <martin.thomson@gmail.com>
To: Mark Nottingham <mnot@mnot.net>
Cc: HTTP WG <ietf-http-wg@w3.org>

On 3 March 2016 at 10:18, Mark Nottingham <mnot@mnot.net> wrote:
>> If the alternative is actually an alternative, the .well-known
>> solution should produce files in both places.  So checking both won't
>> just especially.
>
> parse error

...clucking autocorrect.  I meant to say that checking both won't hurt
especially.  It might slow switchover times, but alt-svc was never
going to be fast because it doesn't need to be.