Re: New Draft: draft-ohanlon-transport-info-header

"Piers O'Hanlon" <piers.ohanlon@bbc.co.uk> Tue, 26 November 2019 17:13 UTC

From: Piers O'Hanlon <piers.ohanlon@bbc.co.uk>
To: Lucas Pardue <lucaspardue.24.7@gmail.com>
CC: Patrick McManus <mcmanus@ducksong.com>, HTTP Working Group <ietf-http-wg@w3.org>
Date: Tue, 26 Nov 2019 17:10:37 +0000
Message-ID: <B75925BC-AEEB-444C-8B48-024BD459D645@bbc.co.uk>
References: <CAFWWCs4jSRbrK_-5mxM8w4YexYNKRuwGGJSK4iNrhr4en2Q=_w@mail.gmail.com> <CALGR9ob+EgQwC=VK80PPRWxABxi3AeLUpGXk=wzBK57H0OUzJw@mail.gmail.com> <CAFWWCs5u=qAjmhPek17YqN=AmVJgyCXEVkfP2RsQ5uM-DBZc0A@mail.gmail.com> <CAOdDvNrKSPwxNPDYW_0rqc78Zu4NJW9E49qGFt+nv7v3cUgTXg@mail.gmail.com> <CAFWWCs7XqVjOcNyt75P7enHXkAV3WzM8TDZLmUUaiDHFdT3QQQ@mail.gmail.com> <CAOdDvNo2dC77aQJif_351SR70J=judm+eKupm64=fSCY8212PA@mail.gmail.com> <FC0A337E-C794-446A-B587-36FA4F57820D@bbc.co.uk> <CALGR9oZKy2fCsPjFE8PB7T8q6ovkAuqwrnsBoU3FVLg2wS9ecQ@mail.gmail.com>
In-Reply-To: <CALGR9oZKy2fCsPjFE8PB7T8q6ovkAuqwrnsBoU3FVLg2wS9ecQ@mail.gmail.com>
Subject: Re: New Draft: draft-ohanlon-transport-info-header
Archived-At: <https://www.w3.org/mid/B75925BC-AEEB-444C-8B48-024BD459D645@bbc.co.uk>

Hi Lucas,

Thanks for the explanation - that helped. I think to keep the discussion simple I’ll reply with my points to Patrick.

Piers

> On 25 Nov 2019, at 17:02, Lucas Pardue <lucaspardue.24.7@gmail.com> wrote:
> 
> IIUC Patrick correctly, I think one threat model relates to connection coalescing. Imagine two resources: a.example.com/index.html includes b.example.com/foo.js and the properties of these resources (i.e. authority and certs) satisfy the requirements for HTTP/2 connection reuse as described in https://tools.ietf.org/html/rfc7540#section-9.1.1.
> 
> a.example.com and b.example.com are in different administrative domains but requests for b.example.com/foo.js are able to obtain information about the state of the connection including the effect of requests to a.example.com. This could be used for fingerprinting or some other form of attack from one domain to the other.
> 
> Lucas
> 
>
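The coalescing scenario Lucas describes can be checked mechanically. The following is an added example, not code from the thread, the draft or any implementation it discusses: it models the RFC 7540 section 9.1.1 reuse rule (the certificate must be valid for the second host and that host must resolve to the same address as the existing connection) and a conservative server-side policy that stops emitting connection-level transport metrics once a connection has served more than one authority. The header name `Transport-Info`, the `rtt` metric, the policy and all certificate/DNS data are assumptions constructed for the example.

```python
"""
Added example: RFC 7540 s9.1.1 coalescing eligibility plus a defensive
policy for connection-level headers on coalesced HTTP/2 connections.
Certificate SANs, DNS answers, the header name and the metric are all
constructed assumptions, not values from the draft or the thread.
"""
from dataclasses import dataclass, field


def san_matches(san: str, host: str) -> bool:
    """Does a certificate SAN cover host? Exact match, or a '*.' wildcard
    that covers exactly one leading label (so '*.example.com' matches
    'b.example.com' but neither 'example.com' nor 'x.y.example.com')."""
    san, host = san.lower(), host.lower()
    if san == host:
        return True
    if san.startswith("*."):
        suffix = san[1:]  # ".example.com"
        if not host.endswith(suffix) or len(host) <= len(suffix):
            return False
        return "." not in host[: -len(suffix)]
    return False


def may_coalesce(origin_host: str, candidate_host: str,
                 cert_sans: list, dns: dict) -> bool:
    """RFC 7540 s9.1.1: a client may send requests for candidate_host on the
    connection it already holds to origin_host if (a) the server's
    certificate is valid for candidate_host and (b) candidate_host resolves
    to an address the existing connection could have been made to."""
    if not any(san_matches(s, candidate_host) for s in cert_sans):
        return False
    origin_ips = set(dns.get(origin_host, ()))
    candidate_ips = set(dns.get(candidate_host, ()))
    return bool(origin_ips & candidate_ips)


@dataclass
class Connection:
    """One server-side HTTP/2 connection and the authorities it has served."""
    conn_id: str
    rtt_ms: int = 0  # constructed connection-level metric
    authorities: set = field(default_factory=set)

    def response_headers(self, authority: str) -> dict:
        """Headers to add to a response for `authority` on this connection.
        Assumed policy: connection-level metrics are only exposed while the
        connection has carried a single authority, so a coalesced second
        origin cannot read state shaped by the first origin's traffic."""
        self.authorities.add(authority)
        if len(self.authorities) == 1:
            return {"Transport-Info": f"rtt={self.rtt_ms}"}
        return {}


def demo() -> dict:
    """Walk through the a.example.com / b.example.com case from the thread
    with constructed certificate and DNS data."""
    cert_sans = ["a.example.com", "*.example.com"]  # constructed SAN list
    dns = {  # constructed DNS answers; a and b share a front end
        "a.example.com": ["192.0.2.10"],
        "b.example.com": ["192.0.2.10"],
        "c.example.net": ["192.0.2.10"],  # same IP, but not in the cert
    }
    conn = Connection("conn-1", rtt_ms=42)
    first = conn.response_headers("a.example.com")
    b_ok = may_coalesce("a.example.com", "b.example.com", cert_sans, dns)
    c_ok = may_coalesce("a.example.com", "c.example.net", cert_sans, dns)
    second = conn.response_headers("b.example.com") if b_ok else None
    return {"b_coalesces": b_ok, "c_coalesces": c_ok,
            "first_headers": first, "second_headers": second}


if __name__ == "__main__":
    print(demo())
```

The policy is deliberately blunt: after coalescing, even `a.example.com` stops receiving the metric, which is the cost of not having to reason about which origin's traffic shaped the connection state. A finer-grained alternative would report only per-stream quantities, but that needs a definition of "per-stream" for each metric the draft carries.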