Re: SETTINGS_MIXED_SCHEME_PERMITTED | Re: I-D Action: draft-ietf-httpbis-http2-encryption-07.txt

Kari Hurtta <hurtta-ietf@elmme-mailer.org> Wed, 05 October 2016 13:41 UTC

To: Martin Thomson <martin.thomson@gmail.com>
Date: Wed, 5 Oct 2016 16:36:10 +0300 (EEST)
From: Kari Hurtta <hurtta-ietf@elmme-mailer.org>
CC: Patrick McManus <mcmanus@ducksong.com>, Kari Hurtta <khurtta@welho.com>, Mike Bishop <Michael.Bishop@microsoft.com>, Kari hurtta <hurtta-ietf@elmme-mailer.org>, HTTP working group mailing list <ietf-http-wg@w3.org>
Archived-At: <http://www.w3.org/mid/201610051336.u95DaAW2020152@shell.siilo.fmi.fi>

Martin Thomson <martin.thomson@gmail.com>: (Wed Oct  5 15:43:13 2016)
> And now that I read this thread, I find that the point about origins
> over connections is pretty convincing.  I should read all before
> committing to mistakes :)
> 
> However, perhaps there is some simplification to be salvaged.  I think
> that Mike's observation suggests that we can remove "tls-ports".  Once
> the TLS-enabled port acknowledges that it understands that it can
> receive requests for http://<foo> then maybe that's enough (in
> addition to it having a valid certificate, that is).
> 
> And, while I'm on the topic, "lifetime" is a bit jarring now that we
> don't have a commitment.  To that end, a simpler formulation suggests
> itself:
> 
> [ "http://example.com", "http://example.com:5602" ]
> 
> That should make Mark happy about not having to reconcile "lifetime"
> with the cache freshness lifetime.

I asked

> >> "tls-ports"  should perhaps now be "mixed-scheme-listeners"
> >> giving [ "alternative-server:port" ].

because we should really say that a particular alternative server / port
combination for a given origin supports the http: scheme over TLS.

A particular alternative server / port may be a reverse proxy,
behind which there are several origins on different servers.

But also, for a particular origin there may be several
alternative servers which are not equal.

Simple?

/ Kari Hurtta