Re: draft-ietf-httpbis-encryption-encoding

Martin Thomson <martin.thomson@gmail.com> Fri, 23 December 2016 06:02 UTC

From: Martin Thomson <martin.thomson@gmail.com>
Date: Fri, 23 Dec 2016 16:58:52 +1100
Message-ID: <CABkgnnVmHMPgBG6=GbN7iPWJQNJ46Nn6Cp39uZRB9zABSmS-2g@mail.gmail.com>
To: Kari Hurtta <hurtta-ietf@elmme-mailer.org>
Cc: HTTP working group mailing list <ietf-http-wg@w3.org>
Archived-At: <http://www.w3.org/mid/CABkgnnVmHMPgBG6=GbN7iPWJQNJ46Nn6Cp39uZRB9zABSmS-2g@mail.gmail.com>

Thanks for the prompt review.  Inline.

On 22 December 2016 at 17:01, Kari Hurtta <hurtta-ietf@elmme-mailer.org> wrote:
> https://tools.ietf.org/html/draft-ietf-httpbis-http2-encryption-09#section-2
>
> |                   Connections that use client certificates for other
> |   reasons MAY be reused, though client certificates MUST NOT affect the
> |   responses to requests for "http" resources.
[...]
> What are connections that use client certificates for other reasons,
> because they cannot be connections which are used for "https" requests?

That's an editorial snafu.  I've fixed it.  It now reads (in full):

   Client certificates are not meaningful for URLs with the "http"
   scheme, and therefore clients creating new TLS connections to
   alternative services for the purposes of this specification MUST NOT
   present them.  A server that also provides "https" resources on the
   same port can request a certificate during the TLS handshake, but it
   MUST NOT abort the handshake if the client does not provide one.

> I'm not sure what this
>
>     "they have obtained a valid http-opportunistic response for an origin (as
>     per Section 2.3)."
>
> is saying.

Section 2.3 defines a valid http-opportunistic response:

   [...] A client is said to have a valid http-opportunistic
   response for a given origin when:

> This text, or the example after it, does not seem to say from where
> /.well-known/http-opportunistic needs to be read: from the original
> connection or from the putative alternative service. Or is it irrelevant?

Yes, that's an oversight.  The only requirement is that the request is
made to the authenticated alternative.

And the contradiction is a problem.  I've pushed a commit that should fix this:

https://github.com/httpwg/http-extensions/commit/467d6b2773304e47cad09f6a8af62a7448fe3312
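The client-certificate rule in the corrected text above (an alternative serving "https" on the same port may request a certificate, but MUST NOT abort the handshake when the client presents none) demonstrated as an added Go example that is not part of this thread or the draft: a loopback TLS handshake in which the client authenticates the server but carries no certificate, run once with the permissive server setting (tls.RequestClientCert) and once with the setting the draft forbids for "http" alternatives (tls.RequireAnyClientCert). The host name "alt.example" and the self-signed certificate are assumptions constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"math/big"
	"net"
	"time"
)

// altServiceCert builds a throwaway self-signed certificate for the alternative
// service (constructed for this example; the name "alt.example" is an assumption).
func altServiceCert() (tls.Certificate, *x509.Certificate) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"alt.example"},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	leaf, _ := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, leaf
}

// HandshakeWithoutClientCert runs one TLS handshake on loopback: the client authenticates the
// server but has no Certificates configured, so it presents none even when asked. It returns
// the server-side handshake error; nil means the server accepted the connection.
func HandshakeWithoutClientCert(clientAuth tls.ClientAuthType) error {
	cert, leaf := altServiceCert()
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return err
	}
	defer ln.Close()
	srvErr := make(chan error, 1)
	go func() {
		raw, err := ln.Accept()
		if err == nil {
			srv := tls.Server(raw, &tls.Config{Certificates: []tls.Certificate{cert}, ClientAuth: clientAuth})
			err = srv.Handshake()
			raw.Close()
		}
		srvErr <- err
	}()
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	if conn, err := tls.Dial("tcp", ln.Addr().String(), &tls.Config{RootCAs: pool, ServerName: "alt.example"}); err == nil {
		conn.Close()
	}
	return <-srvErr
}
```

With tls.RequestClientCert the server completes the handshake for a certificate-less client, which is the behaviour the draft requires of an alternative that also serves "https"; with tls.RequireAnyClientCert the same client is rejected, so that setting cannot be used on a port that serves "http" alternatives.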