httpd-dev mailing list archives

From "Life is hard, and then you die." <>
Subject Re: Upcoming 'Upgrade' draft
Date Sat, 17 Jul 1999 07:05:10 GMT

> At the Security Area open meeting yesterday at IETF-45, Rohit Khare mentioned
> an upcoming draft defining an extension permitting a transaction to
> open with HTTP, and then 'upgrade' to something like HTTPS.


> As I
> recall, the user agent would make an 'OPTIONS *' request with an
> 'Upgrade: https' header field, and if the response indicated an
> upgrade were possible, the user agent and server could negotiate
> to switch to HTTPS.  Or whatever.

More precisely, there are the following scenarios:

1) Client demands secure connection: client sends 'OPTIONS *' with
   Upgrade header, and barfs if server does not agree (i.e. if it
   doesn't respond with 101).

2) Client would like a secure connection, but doesn't mind the
   request or response in the clear: client sends normal request
   with an Upgrade header. Server then replies with either a 101
   (Upgrade) or with the response directly.

3) Server demands secure connection: it sends back a 426 (Upgrade
   Required). Client may do either 1) or 2).

4) Server would like to use secure connection, or simply wants to
   advertise that it is capable of secure connections: server sends
   an Upgrade header with any response. If the client wants to upgrade
   it can then do either 1) or 2).
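
The four scenarios above, seen from the client side, as an added example that is not part of the original message or of any httpd code. The names (`Action`, `build_request`, `parse_head`, `offers`, `decide`) are hypothetical, the `https` token is the one used in the quoted text, the `Connection: Upgrade` header and the check that a 101 names the requested token follow the general HTTP/1.1 Upgrade rules, and the sample response is constructed.

```python
from enum import Enum

class Action(Enum):
    START_TLS = "switch protocols on this connection"
    ABORT = "fail closed; send nothing further in the clear"
    USE_CLEARTEXT = "accept the response that came back directly"
    RETRY_WITH_UPGRADE = "repeat the request as scenario 1 or 2"

SAMPLE_101 = (b"HTTP/1.1 101 Switching Protocols\r\n"    # constructed sample
              b"Upgrade: https\r\nConnection: Upgrade\r\n\r\n")

def build_request(method, target, host, token="https"):
    """Request carrying the Upgrade header (scenario 1 uses OPTIONS *)."""
    return (f"{method} {target} HTTP/1.1\r\nHost: {host}\r\n"
            f"Upgrade: {token}\r\nConnection: Upgrade\r\n\r\n").encode()

def parse_head(raw):
    """Return (status, headers) from a raw response head; names lowercased."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    status_line, *lines = head.split("\r\n")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("malformed status line")
    headers = {}
    for line in lines:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return int(parts[1]), headers

def offers(headers, token):
    """True if the Upgrade header lists the token (comma-separated list)."""
    tokens = [t.strip().lower() for t in headers.get("upgrade", "").split(",")]
    return token.lower() in tokens

def decide(raw, require_secure, sent_upgrade, token="https"):
    """Map one server response onto the client's next step."""
    try:
        status, headers = parse_head(raw)
    except ValueError:
        return Action.ABORT
    if status == 101:
        # Only honour a 101 we asked for and that names our token.
        ok = sent_upgrade and offers(headers, token)
        return Action.START_TLS if ok else Action.ABORT
    if not sent_upgrade and (status == 426 or offers(headers, token)):
        return Action.RETRY_WITH_UPGRADE       # scenarios 3 and 4
    if require_secure:
        return Action.ABORT                    # scenario 1: no 101, no deal
    return Action.USE_CLEARTEXT                # scenario 2: direct response
```
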


