From 4bb89f815ed74181910d26b69b704d494a16803e Mon Sep 17 00:00:00 2001 From: Martin Thomson Date: Mon, 27 Nov 2017 09:44:38 +1100 Subject: [PATCH] Be more definite about early data --- draft-ietf-httpbis-replay.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/draft-ietf-httpbis-replay.md b/draft-ietf-httpbis-replay.md index 9672cb537..02a800f5b 100644 --- a/draft-ietf-httpbis-replay.md +++ b/draft-ietf-httpbis-replay.md @@ -131,9 +131,10 @@ determine this. However, some resources do elect to associate side effects with safe methods, so this cannot be universally relied upon. It is RECOMMENDED that origin servers allow resources to explicitly configure -whether early data is appropriate in requests. Absent such explicit -information, they SHOULD mitigate against early data in requests that have -unsafe methods, using the techniques outlined above. +whether early data is appropriate in requests. Absent such explicit information, +origin servers MUST either reject early data or implement the techniques +described in this document for ensuring that requests are not processed prior to +TLS handshake completion. A request might be sent partially in early data with the remainder of the request being sent after the handshake completes. This does not necessarily
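Review bot: In the added sentence, "reject early data" does not say at which layer the rejection happens (declining early data for the connection, or refusing the individual request), and "the techniques described in this document" is looser than the "outlined above" it replaces. A cross-reference to the specific section would tie the MUST to a set of behaviours an implementer can test against. The new wording also drops the "requests that have unsafe methods" qualifier, so the requirement now applies to every request when no explicit configuration exists. That is consistent with the preceding context, which notes that safe methods "cannot be universally relied upon", but it is a change of scope on top of the SHOULD-to-MUST change and deserves a mention in the commit message. Finally, the unchanged line that follows concerns a request sent partially in early data; it would help to state whether "not processed prior to TLS handshake completion" also covers a request whose remainder arrives after the handshake.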