Re: [hybi] New Version Notification for draft-mcmanus-httpbis-h2-websockets-01.txt

Martin Thomson <martin.thomson@gmail.com> Fri, 27 October 2017 05:01 UTC

From: Martin Thomson <martin.thomson@gmail.com>
Date: Fri, 27 Oct 2017 16:01:27 +1100
Message-ID: <CABkgnnVPfQerwZCSoqxr6CqNFYFHk1F=v=cobuXJ6LUndfRJkg@mail.gmail.com>
To: Mark Nottingham <mnot@mnot.net>
Cc: John Fallows <john.fallows@kaazing.com>, Patrick McManus <pmcmanus@mozilla.com>, hybi <hybi@ietf.org>, HTTP Working Group <ietf-http-wg@w3.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/hybi/VmEocMI7rOOh2HxMXkHFoA395So>

On Fri, Oct 27, 2017 at 10:39 AM, Mark Nottingham <mnot@mnot.net> wrote:
> Just to give some context as to why I don't think it's a subtle change -- consider OWASP's mod_security CRS, which is the basis of most WAF products. It has baked-in assumptions about the semantics of CONNECT; e.g.,
>   <https://github.com/SpiderLabs/owasp-modsecurity-crs/blob/e4e0497be4d598cce0e0a8fef20d1f1e5578c8d0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf>

I found this message quite obtuse (and that file worse), but what I
think you are saying is that an origin server might treat CONNECT
specially in a way that might make a new method easier to deploy.
That's a fine argument for a new method.