Re: 2.2. Interaction with "https" URIs | Re: SETTINGS_MIXED_SCHEME_PERMITTED | Re: I-D Action: draft-ietf-httpbis-http2-encryption-07.txt
Martin Thomson <martin.thomson@gmail.com> Sun, 09 October 2016 23:21 UTC
From: Martin Thomson <martin.thomson@gmail.com>
Date: Mon, 10 Oct 2016 10:17:08 +1100
Message-ID: <CABkgnnVecDi-w3yxqRBaGqvrz7zGUoYd1z7QyaZVv2zzuySgmg@mail.gmail.com>
To: Kari hurtta <hurtta-ietf@elmme-mailer.org>
Cc: Mike Bishop <Michael.Bishop@microsoft.com>, HTTP working group mailing list <ietf-http-wg@w3.org>, Patrick McManus <mcmanus@ducksong.com>
On 9 October 2016 at 18:34, Kari hurtta <hurtta-ietf@elmme-mailer.org> wrote:
> I'm not sure about
> 421 Misdirected Request

421 is actually the right response code when the server is sure that it is not authoritative for an origin. However, this is a case where the server probably IS authoritative, we just want the resource to not exist. (If you accept the premise, I don't think that it's a necessary change, see Patrick's email about who is being protected).

> 2.2. Interaction with "https" URIs
> https://tools.ietf.org/html/draft-ietf-httpbis-http2-encryption-07#section-2.3
>
> | Because of the risk of server confusion about individual requests'
> | schemes (see Section 4.4), clients MUST NOT send "http" requests on a
> | connection that has previously been used for "https" requests, unless
> | the http-opportunistic origin object Section 2.3 fetched over that
> | connection has a "mixed-scheme" member whose value is "true".
>
> I think that RFC can also require opposite.
>
> Add:
>
> And clients MUST NOT send "https" requests on a connection that has
> previously been used for "http" requests, unless the http-opportunistic
> origin object has a "mixed-scheme" member whose value is "true"

I disagree. The point of all this mucking around is to make it clear that special behaviour is permitted; making https requests over an authenticated TLS connection is perfectly normal and expected.
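
The client-side rule quoted above from section 2.2 of the draft, as an added example that is not part of the original message or of the draft: a per-connection gate that always allows "https" requests and allows "http" after "https" only when an http-opportunistic object fetched over that same connection opts in. The class and method names are hypothetical, the sample object bodies are constructed, and reading "mixed-scheme" as a JSON boolean in a flat object is an assumption, since the message does not show the object's layout.

```python
import json


class ConnectionPolicy:
    """State for one authenticated TLS connection (hypothetical helper)."""

    def __init__(self):
        self.used_for_https = False
        # Only ever set from an object fetched over THIS connection.
        self.mixed_scheme = False

    def record_origin_object(self, body):
        """Record an http-opportunistic object fetched over this connection."""
        try:
            obj = json.loads(body)
        except ValueError:
            self.mixed_scheme = False  # unparsable object grants nothing
            return
        # Assumption: the member is a JSON boolean. The string "true",
        # the number 1, or a missing member are not treated as permission.
        self.mixed_scheme = isinstance(obj, dict) and obj.get("mixed-scheme") is True

    def may_send(self, scheme):
        if scheme == "https":
            # No restriction in the quoted rule: "https" on an
            # authenticated connection is the normal case.
            return True
        if scheme == "http":
            return (not self.used_for_https) or self.mixed_scheme
        return False

    def send(self, scheme):
        """Account for a request; refuse one that the rule forbids."""
        if not self.may_send(scheme):
            raise PermissionError(f'"{scheme}" request not allowed on this connection')
        if scheme == "https":
            self.used_for_https = True


def demo():
    conn = ConnectionPolicy()
    results = [conn.may_send("http")]           # fresh connection
    conn.send("https")
    results.append(conn.may_send("http"))       # after "https", no opt-in
    conn.record_origin_object('{"mixed-scheme": "true"}')   # constructed: string
    results.append(conn.may_send("http"))
    conn.record_origin_object('{"mixed-scheme": true}')     # constructed: boolean
    results.append(conn.may_send("http"))
    return results
```

Because the opt-in is stored on the connection object, an http-opportunistic object fetched over a different connection to the same server never unlocks mixing here.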