Commit

Merge pull request #428 from httpwg/must-mitigate
Be more definite about early data
martinthomson committed Dec 1, 2017
2 parents 5738c71 + 4bb89f8 commit 5344dbc
Showing 1 changed file with 4 additions and 3 deletions.
7 changes: 4 additions & 3 deletions draft-ietf-httpbis-replay.md
Expand Up @@ -131,9 +131,10 @@ determine this. However, some resources do elect to associate side effects with
safe methods, so this cannot be universally relied upon.

It is RECOMMENDED that origin servers allow resources to explicitly configure
whether early data is appropriate in requests. Absent such explicit
information, they SHOULD mitigate against early data in requests that have
unsafe methods, using the techniques outlined above.
whether early data is appropriate in requests. Absent such explicit information,
origin servers MUST either reject early data or implement the techniques
described in this document for ensuring that requests are not processed prior to
TLS handshake completion.

A request might be sent partially in early data with the remainder of the
request being sent after the handshake completes. This does not necessarily
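
Review bot: The new MUST sentence drops the old qualifier "in requests that have unsafe methods" without saying that the wider scope is intended, so it now applies to every request carrying early data when no explicit configuration exists. The context line above the change ("some resources do elect to associate side effects with safe methods") supports that, but stating it in the sentence itself, for example "regardless of request method", would stop implementers from reading the old scope into it. Separately, "the techniques described in this document" is a loose pointer for a MUST-level requirement; the old text at least said "outlined above", and a section reference here would make conformance checkable.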