Re: 2.2. Interaction with "https" URIs | Re: SETTINGS_MIXED_SCHEME_PERMITTED | Re: I-D Action: draft-ietf-httpbis-http2-encryption-07.txt

Martin Thomson <martin.thomson@gmail.com> Sun, 09 October 2016 23:21 UTC

In-Reply-To: <20161009073417.6A669113F0@welho-filter1.welho.com>
From: Martin Thomson <martin.thomson@gmail.com>
Date: Mon, 10 Oct 2016 10:17:08 +1100
Message-ID: <CABkgnnVecDi-w3yxqRBaGqvrz7zGUoYd1z7QyaZVv2zzuySgmg@mail.gmail.com>
To: Kari hurtta <hurtta-ietf@elmme-mailer.org>
Cc: Mike Bishop <Michael.Bishop@microsoft.com>, HTTP working group mailing list <ietf-http-wg@w3.org>, Patrick McManus <mcmanus@ducksong.com>
Archived-At: <http://www.w3.org/mid/CABkgnnVecDi-w3yxqRBaGqvrz7zGUoYd1z7QyaZVv2zzuySgmg@mail.gmail.com>

On 9 October 2016 at 18:34, Kari hurtta <hurtta-ietf@elmme-mailer.org> wrote:
> I'm not sure about
>         421 Misdirected Request

421 is actually the right response code when the server is sure that
it is not authoritative for an origin.  However, this is a case where
the server probably IS authoritative; we just want the resource to not
exist. (If you accept the premise, I don't think that it's a necessary
change, see Patrick's email about who is being protected).

> 2.2.  Interaction with "https" URIs
> https://tools.ietf.org/html/draft-ietf-httpbis-http2-encryption-07#section-2.3
>
> |   Because of the risk of server confusion about individual requests'
> |   schemes (see Section 4.4), clients MUST NOT send "http" requests on a
> |   connection that has previously been used for "https" requests, unless
> |   the http-opportunistic origin object Section 2.3 fetched over that
> |   connection has a "mixed-scheme" member whose value is "true".
>
> I think that RFC can also require opposite.
>
> Add:
>
>    And clients MUST NOT send "https" requests on a connection that has
>    previously been used for "http" requests, unless the http-opportunistic
>    origin object has a "mixed-scheme" member whose value is "true"

I disagree.  The point of all this mucking around is to make it clear
that special behaviour is permitted; making https requests over an
authenticated TLS connection is perfectly normal and expected.
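The connection-reuse rule quoted from draft-07 above, as an added client-side check that is not code from the draft or from anyone on this thread: the class below tracks which schemes a TLS connection has carried, and refuses an "http" request after "https" use unless the http-opportunistic origin object fetched over that connection carries `"mixed-scheme": true`, while leaving "https" after "http" permitted, which is the position Martin takes. Class and method names, and the choice to accept only the JSON boolean `true` (not the string `"true"`), are assumptions of this example.

```python
import json

class OppSecConnection:
    """Tracks the request schemes already sent on one TLS connection.

    Added example; names are hypothetical, not the draft's own API.
    """

    def __init__(self, authenticated):
        self.authenticated = authenticated  # TLS certificate validated for the origin?
        self.schemes_used = set()           # subset of {"http", "https"} seen so far
        self.origin_object = None           # parsed http-opportunistic object, once fetched

    def load_origin_object(self, body):
        # The caller supplies the body; a real client would fetch the
        # http-opportunistic origin object over this same connection.
        self.origin_object = json.loads(body)

    def mixed_scheme_permitted(self):
        # Assumption: the draft's "true" is the JSON boolean, so the
        # string "true" (or any other value) does not unlock mixed use.
        obj = self.origin_object or {}
        return obj.get("mixed-scheme") is True

    def may_send(self, scheme):
        if scheme == "https":
            # Ordinary https only needs an authenticated connection; prior
            # "http" use on the connection does not disqualify it.
            return self.authenticated
        if scheme == "http":
            # Draft-07 rule: no "http" after "https" on the same connection
            # unless the origin object fetched over it says mixed-scheme true.
            if "https" in self.schemes_used and not self.mixed_scheme_permitted():
                return False
            return True
        return False  # unknown scheme

    def record(self, scheme):
        """Call after a request of this scheme was actually sent."""
        self.schemes_used.add(scheme)

if __name__ == "__main__":
    conn = OppSecConnection(authenticated=True)
    conn.record("https")
    print("http after https, no origin object:", conn.may_send("http"))
    conn.load_origin_object('{"mixed-scheme": true}')   # constructed sample
    print("http after https, mixed-scheme true:", conn.may_send("http"))
```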