Re: [quicwg/base-drafts] Require 8164 validation for non-https origins (#2973)

MikkelFJ <> Thu, 22 August 2019 07:50 UTC

Date: Thu, 22 Aug 2019 00:50:26 -0700
From: MikkelFJ <>
Reply-To: quicwg/base-drafts <>
To: quicwg/base-drafts <>
Cc: Subscribed <>
Message-ID: <quicwg/base-drafts/pull/2973/review/>
In-Reply-To: <quicwg/base-drafts/pull/>
References: <quicwg/base-drafts/pull/>
Subject: Re: [quicwg/base-drafts] Require 8164 validation for non-https origins (#2973)
List-Id: Notification list for GitHub issues related to the QUIC WG <>

mikkelfj commented on this pull request.

> @@ -381,6 +381,10 @@ certificate for the origin before considering it authoritative. Clients MUST NOT
 assume that an HTTP/3 endpoint is authoritative for other origins without an
 explicit signal.
+If the client intends to make requests for an origin containing a scheme other
+than "https", it MUST also obtain a valid `http-opportunistic` response for the
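
Review bot: The condition in the first added line, an origin with a scheme other than "https", covers every non-https scheme, while the `http-opportunistic` check required in the next line is the RFC 8164 mechanism, which is defined for "http" origins. Consider narrowing the condition to the "http" scheme, or saying what a client does for any other scheme. The added sentence also names `http-opportunistic` without a reference on these lines; a citation to RFC 8164 at that point would tell the reader where the validation procedure is specified.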

I agree with what @martinthomson says. Unrelated and yet related, I just fought (and lost) the Google Layer 7 load balancer because it insisted on doing HTTP health checks on a port that speaks WebSockets but does not serve HTTP pages on the same port. In my case a TCP health check would have worked, but the point is that assuming that everything is HTTP is not good.
