Re: 2.2. Interaction with "https" URIs | Re: SETTINGS_MIXED_SCHEME_PERMITTED | Re: I-D Action: draft-ietf-httpbis-http2-encryption-07.txt

Martin Thomson <martin.thomson@gmail.com> Mon, 10 October 2016 04:59 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B751B129456 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Sun, 9 Oct 2016 21:59:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.517
X-Spam-Level:
X-Spam-Status: No, score=-9.517 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RCVD_IN_SORBS_SPAM=0.5, RP_MATCHES_RCVD=-2.996, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AhhNJRdUWD2m for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Sun, 9 Oct 2016 21:59:53 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 60AA0129423 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Sun, 9 Oct 2016 21:59:53 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.80) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1btScy-0008Ey-Dw for ietf-http-wg-dist@listhub.w3.org; Mon, 10 Oct 2016 04:55:52 +0000
Resent-Date: Mon, 10 Oct 2016 04:55:52 +0000
Resent-Message-Id: <E1btScy-0008Ey-Dw@frink.w3.org>
Received: from lisa.w3.org ([128.30.52.41]) by frink.w3.org with esmtps (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <martin.thomson@gmail.com>) id 1btSct-0008ED-S8 for ietf-http-wg@listhub.w3.org; Mon, 10 Oct 2016 04:55:47 +0000
Received: from mail-qk0-f182.google.com ([209.85.220.182]) by lisa.w3.org with esmtps (TLS1.2:RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <martin.thomson@gmail.com>) id 1btScq-0007zr-Am for ietf-http-wg@w3.org; Mon, 10 Oct 2016 04:55:46 +0000
Received: by mail-qk0-f182.google.com with SMTP id f128so70379401qkb.1 for <ietf-http-wg@w3.org>; Sun, 09 Oct 2016 21:55:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=OlamR+REHTO5gjI/S9lO5Ljxff3OFfgcM9LKPMC7q14=; b=npbgl2gQL+ZuF98L0UbTcSUEIAyaMw4x4sL2hsQQwwZqfzwlGrNsT6F/3Y7YWlF1y9 E3f7R9lp6qc0SP38fJrMA3wA0EjY8xFirdTiJ/pNSA0cIy9zeT7YhjGBo2xRGHEIxfOM r6iFPHnL5caBTd0zxB1mwkZQSyjuvBPOQq5sGtBBv57jOmgvXfHTT4RcGmG88tuygQJ/ I4AiLfkI472DFf+yzw51xDu1LIQU5wzfwaxP6EYP7I4pYCltO6CYHBkGvxNQGycajBw3 09bbzRfKLeHNJ70cjmxcgU8H9mRzJamocxUrDTk0rwDCotBm1KSVvFK/A3G/yjwDY5AE kqYg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=OlamR+REHTO5gjI/S9lO5Ljxff3OFfgcM9LKPMC7q14=; b=S65mkLXOMfAREw5N9G4ra7v/LhO04fOYUsjFoUt5EmpF4c42/ZEbAx9W253Qq8JDU+ yIUJEymm5NR7UM0TvyY1Nayk6ookIFyTIaBv+wI9vh4rP1pzmOnnNsr2qKh/9PvJPKMf p7OVfJSuW4TTmSYFloRc9FtZ+8sTWZkjd5gmbNQkAFi/GSPOG/1gzit135UjnK1clnHe EM3WKkqN4xLSZCOFaGVPC68uttsKu7asyTH8jQpP+U7lv9qESKDTDCefbdvra2DvzPMb ji1qjgBA+gpxvc1NbRuEAhL/+bbuqSIPoNK5aSRRB4Z6j3EqjtxXcLsmKg6rgOKvETNo VGjw==
X-Gm-Message-State: AA6/9RmvSCcHt6ZPsy6KGdMDS0SlpdO8RDCLATgEXryLW0HIzDyHiVdqpVgbgAWj7KdXzMUjWcFEhdWqeX9a9g==
X-Received: by 10.55.71.3 with SMTP id u3mr25867980qka.144.1476075317905; Sun, 09 Oct 2016 21:55:17 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.140.85.7 with HTTP; Sun, 9 Oct 2016 21:55:17 -0700 (PDT)
In-Reply-To: <201610100445.u9A4jeq4014046@shell.siilo.fmi.fi>
References: <20161004160321.DFB4C111E5@welho-filter1.welho.com> <BN6PR03MB27082C2CF4DC3F8F82354FDE87C50@BN6PR03MB2708.namprd03.prod.outlook.com> <201610050451.u954pomK003643@shell.siilo.fmi.fi> <CAOdDvNpRN_trGi23BpqUxmaLoLvom9+Yiew0GkNkhgwvqw4Bew@mail.gmail.com> <CABkgnnVKeqnyqhgL=jx1WqtcByqHes25XDJ684J+rNwvQt+znQ@mail.gmail.com> <201610051336.u95DaAW2020152@shell.siilo.fmi.fi> <CABkgnnVaBVE8mUxuGXYe-WeM_OkiNHcA=egnb1-nOxtdujShfw@mail.gmail.com> <201610051616.u95GGWcI031833@shell.siilo.fmi.fi> <BN6PR03MB2708B42C6964AA22AF8FFDC487C40@BN6PR03MB2708.namprd03.prod.outlook.com> <CABkgnnVJ7VRBH4VeGODkSUXdW9XHs8AjB_M0mm8Kt=nv3djvEg@mail.gmail.com> <BN6PR03MB27081C5CF95FB443BB4C155B87C70@BN6PR03MB2708.namprd03.prod.outlook.com> <20161009073417.6A669113F0@welho-filter1.welho.com> <CABkgnnVecDi-w3yxqRBaGqvrz7zGUoYd1z7QyaZVv2zzuySgmg@mail.gmail.com> <201610100445.u9A4jeq4014046@shell.siilo.fmi.fi>
From: Martin Thomson <martin.thomson@gmail.com>
Date: Mon, 10 Oct 2016 15:55:17 +1100
Message-ID: <CABkgnnUBc9R+m9EwwuP000Cf2XMcS4Z+OWbV-Lcc=8n3GEAgLg@mail.gmail.com>
To: Kari Hurtta <hurtta-ietf@elmme-mailer.org>
Cc: Mike Bishop <Michael.Bishop@microsoft.com>, HTTP working group mailing list <ietf-http-wg@w3.org>, Patrick McManus <mcmanus@ducksong.com>
Content-Type: text/plain; charset="UTF-8"
Received-SPF: pass client-ip=209.85.220.182; envelope-from=martin.thomson@gmail.com; helo=mail-qk0-f182.google.com
X-W3C-Hub-Spam-Status: No, score=-5.8
X-W3C-Hub-Spam-Report: AWL=-0.268, BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_SORBS_SPAM=0.5, SPF_PASS=-0.001, W3C_AA=-1, W3C_DB=-1, W3C_IRA=-1, W3C_WL=-1
X-W3C-Scan-Sig: lisa.w3.org 1btScq-0007zr-Am e51328f2270cb1b7058582840b97f325
X-Original-To: ietf-http-wg@w3.org
Subject: Re: 2.2. Interaction with "https" URIs | Re: SETTINGS_MIXED_SCHEME_PERMITTED | Re: I-D Action: draft-ietf-httpbis-http2-encryption-07.txt
Archived-At: <http://www.w3.org/mid/CABkgnnUBc9R+m9EwwuP000Cf2XMcS4Z+OWbV-Lcc=8n3GEAgLg@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/32536
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

On 10 October 2016 at 15:45, Kari Hurtta <hurtta-ietf@elmme-mailer.org> wrote:
> After one "https" reguest that apply:
>
> |                            clients MUST NOT send "http" requests on a
> |    connection that has previously been used for "https" requests,

The point of this is to cover off any problems that might arise from
connection reuse.  It's clumsy.  I think that it should be reworded:
clients MUST NOT send "http" requests on a connection that would
ordinarily be used for "https" requests unless the http-opportunistic
origin object [...]

If scheme is determined on the first request and that causes this
check to pass, then we're going to get false positives.  Remember:
we're incapable of detecting all cases where the server decides to do
crazy things - I'm sure that I can devise a server architecture that
will fail for any solution we devise - we have to instead take steps
that we think are reasonable.