Re: alt-svc and proxies

Martin Thomson <> Wed, 06 January 2016 00:33 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 2087E1B2DB7 for <>; Tue, 5 Jan 2016 16:33:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -7.012
X-Spam-Status: No, score=-7.012 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id r8CEG3vqrTNM for <>; Tue, 5 Jan 2016 16:33:43 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id D0A0F1A9100 for <>; Tue, 5 Jan 2016 16:33:43 -0800 (PST)
Received: from lists by with local (Exim 4.80) (envelope-from <>) id 1aGbzE-0001nq-TM for; Wed, 06 Jan 2016 00:30:00 +0000
Resent-Date: Wed, 06 Jan 2016 00:30:00 +0000
Resent-Message-Id: <>
Received: from ([]) by with esmtps (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <>) id 1aGbzB-0001ls-QA for; Wed, 06 Jan 2016 00:29:57 +0000
Received: from ([]) by with esmtps (TLS1.2:RSA_ARCFOUR_SHA1:128) (Exim 4.80) (envelope-from <>) id 1aGbz7-0001Tg-EJ for; Wed, 06 Jan 2016 00:29:56 +0000
Received: by with SMTP id q21so203584417iod.0 for <>; Tue, 05 Jan 2016 16:29:32 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=+ct9SIyDMXCZRRtJLJ0XcDAKQJ+LOGwh9UYVuWTORq4=; b=jX48+bGg50HhZ9BUeSEmaRaMJu4UjnZLl2eM1T/gBgu+RmoS6sR9XXomIm8YvsK4y3 c2V1FeXPeWmZj4Cryq+hl44lNc7CPLVxLKuXeuWtBfSO+uWlqAdG1qp22HSA3bzFoU4b USyMgpUFyEohkjOT2TnZemkkqh682ArQmmb/gcnUVUZ/usUogchKxW9Yml7UP9ClQrtV HdS3jWrS+ZZxFf0uCPbZ55lGc8G4SGaszL8DZP8wPBDuM2Q8Jh44GqAcui4MuSX3iBns mPgheAf2GEa+nfoIqSgBlHyQS6vlBVC7ADEfgvahH8z84T+C4SaWJQEzXnZ2KwK/wSkB AarA==
MIME-Version: 1.0
X-Received: by with SMTP id h12mr32441248ioh.108.1452040166882; Tue, 05 Jan 2016 16:29:26 -0800 (PST)
Received: by with HTTP; Tue, 5 Jan 2016 16:29:26 -0800 (PST)
In-Reply-To: <2C515BE8694C6F4B9B6A578BCAC32E2F6D53A153@MBX021-W3-CA-2.exch021.domain.local>
References: <2C515BE8694C6F4B9B6A578BCAC32E2F6D538FCC@MBX021-W3-CA-2.exch021.domain.local> <> <2C515BE8694C6F4B9B6A578BCAC32E2F6D53A153@MBX021-W3-CA-2.exch021.domain.local>
Date: Wed, 06 Jan 2016 11:29:26 +1100
Message-ID: <>
From: Martin Thomson <>
To: Piotr Galecki <>
Cc: HTTP Working Group <>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass client-ip=;;
X-W3C-Hub-Spam-Status: No, score=-7.9
X-W3C-Hub-Spam-Report: AWL=1.837, BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, W3C_AA=-1, W3C_DB=-1, W3C_IRA=-1, W3C_IRR=-3, W3C_WL=-1
X-W3C-Scan-Sig: 1aGbz7-0001Tg-EJ 1ea1d6b7f5df216c528cb0bf3cc007d2
Subject: Re: alt-svc and proxies
Archived-At: <>
X-Mailing-List: <> archive/latest/30851
Precedence: list
List-Id: <>
List-Help: <>
List-Post: <>
List-Unsubscribe: <>

On 5 January 2016 at 17:01, Piotr Galecki
<> wrote:
> Even though it is not required Forward Proxy could still strip Alt-Svc header since the header has no use to user agent
> and it could only have undesirable consequences if user-agent incorrectly implements alt services.

A proxy can (and likely will) strip the header field.  However, we
can't guarantee it.  That's why we have the text I cited.

Other than that, there is nothing we can do about people who decide to
ignore specs and do what they please.

> The draft does not clarify that origin server should be used for proxy selection.
> Perhaps the following would make it more clear?
> "A client SHOULD use origin, rather than alternative service, when evaluating configuration rules for proxy selection. If a proxy was selected for a given request the client SHOULD NOT directly connect to an alternative service for this request, but instead route it through that proxy."

That's probably not an improvement.  We don't want to start to create
rules about proxy selection here, which your text does.  And I
actually think that proxy selection might be improved by having an
alt-svc input.