Re: Empty but existing resource | Re: SETTINGS_MIXED_SCHEME_PERMITTED | Re: I-D Action: draft-ietf-httpbis-http2-encryption-07.txt

Martin Thomson <martin.thomson@gmail.com> Fri, 07 October 2016 08:38 UTC

From: Martin Thomson <martin.thomson@gmail.com>
Date: Fri, 7 Oct 2016 19:34:02 +1100
Message-ID: <CABkgnnXo8G0ZhfaZ6=C6JkkLRNOWhf6TANfL0aF29i4+D1FVoA@mail.gmail.com>
To: Mike Bishop <Michael.Bishop@microsoft.com>
Cc: Kari Hurtta <hurtta-ietf@elmme-mailer.org>, Patrick McManus <mcmanus@ducksong.com>, HTTP working group mailing list <ietf-http-wg@w3.org>
Archived-At: <http://www.w3.org/mid/CABkgnnXo8G0ZhfaZ6=C6JkkLRNOWhf6TANfL0aF29i4+D1FVoA@mail.gmail.com>

On 7 October 2016 at 16:49, Mike Bishop <Michael.Bishop@microsoft.com> wrote:
> The client isn't requesting additional functionality via Opp-Sec, but
> gaining a way to double-check the alternative's intent/ability to play along
> when the initial reference was vulnerable to meddling.  (Unless we're
> proposing to update RFC 7838 by adding that MUST?)

Nah, updates aren't necessary, we're just looking for belts AND braces
on this stuff.  We have some evidence that scheme isn't routinely
looked at in the critical parts of the stack, so this is in response
to that.  Yep, it's paranoid.