On Tue, Jun 13, 2017 at 11:07:35AM -0700, Colm MacCárthaigh wrote: > On Tue, Jun 13, 2017 at 11:04 AM, Benjamin Kaduk <bka...@akamai.com> wrote: > > > I have been operating under the impression that at least some application > > profiles for early data will require that certain application protocol > > requests (e.g., something like HTTP POST) must be rejected at the > > application layer as "not appropriate for 0-RTT data", which requires the > > application to know if the request was received over 0-RTT data. > > > > > That's a really good point; you've changed my mind. It's obviously a good > idea to return a 5XX to a POST over 0-RTT and that would need this.
I think the proper code to send is 400. The request is client error, nor server error, so it is 4XX. And there does not seem to be suitable 4XX code, so it goes to catch-all client error code 400. For HTTP/2, refusing the stream (sending stream error 7 without sending server headers) is also a good choice, as this should trigger a retransmission of the offending request (POST requests failed by refusing the stream are retryable). -Ilari _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
