IETF Logo Mail Archive

Re: [art] Revising BCP56: On the use of HTTP as a Substrate

Ben Campbell <ben@nostrum.com> Sat, 15 July 2017 09:31 UTC

Return-Path: <ben@nostrum.com>
X-Original-To: art@ietfa.amsl.com
Delivered-To: art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 67AE9131B43 for <art@ietfa.amsl.com>; Sat, 15 Jul 2017 02:31:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.88
X-Spam-Level:
X-Spam-Status: No, score=-1.88 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.001, T_SPF_HELO_PERMERROR=0.01, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uaTWqWO7qtK6 for <art@ietfa.amsl.com>; Sat, 15 Jul 2017 02:31:34 -0700 (PDT)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A703812EC4B for <art@ietf.org>; Sat, 15 Jul 2017 02:31:33 -0700 (PDT)
Received: from [10.43.10.6] (61.3e.32a9.ip4.static.sl-reverse.com [169.50.62.97]) (authenticated bits=0) by nostrum.com (8.15.2/8.15.2) with ESMTPSA id v6F9VLpD071924 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Sat, 15 Jul 2017 04:31:25 -0500 (CDT) (envelope-from ben@nostrum.com)
X-Authentication-Warning: raven.nostrum.com: Host 61.3e.32a9.ip4.static.sl-reverse.com [169.50.62.97] claimed to be [10.43.10.6]
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
From: Ben Campbell <ben@nostrum.com>
In-Reply-To: <ebabe106-d914-f21b-30c2-f91f583f4de5@nostrum.com>
Date: Sat, 15 Jul 2017 11:31:19 +0200
Cc: Mark Nottingham <mnot@mnot.net>, art@ietf.org, Patrick McManus <mcmanus@ducksong.com>, Alexey Melnikov <alexey.melnikov@isode.com>
Content-Transfer-Encoding: quoted-printable
Message-Id: <58EE0072-8E7F-4A16-885E-E767F9363E9D@nostrum.com>
References: <83273F06-63D3-41C1-BC3C-9ECE401C2279@mnot.net> <ebabe106-d914-f21b-30c2-f91f583f4de5@nostrum.com>
To: Adam Roach <adam@nostrum.com>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/art/0F9i-KKx0MQID2Zei0iaDfijGC0>
Subject: Re: [art] Revising BCP56: On the use of HTTP as a Substrate
X-BeenThere: art@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Applications and Real-Time Area Discussion <art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/art>, <mailto:art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/art/>
List-Post: <mailto:art@ietf.org>
List-Help: <mailto:art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/art>, <mailto:art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 15 Jul 2017 09:31:36 -0000

> On Jul 15, 2017, at 11:20 AM, Adam Roach <adam@nostrum.com> wrote:
> 
> I found 4.3.2 particularly interesting, as there doesn't seem to have been consensus in this space in the past. For example, the ws(s) and ipp(s) schemes made a different decision. I presume your assertion is that, were we defining these protocols today, they would be using http(s) instead?
> 
> I don't see anything wrong with that; I just want to probe the edges of this advice by seeing how it would have applied to decisions we made in the past, since that's a pretty good predictor for how it might apply in the future.
> 
> The advice in 4.3.3 seems a bit strong, in that it will require whatever process listens on port 443 to take on an ever-increasing role. If we're going to keep this advice, I think the document needs some treatment of the software architecture implications: functionally, whatever listens to port 443 will need to be able to delegate sub-trees of the URL space to other processes. I know that some web servers have mechanisms to handle this kind of thing today; but we're effectively saying that this will become required base functionality for web servers moving forward.\
> 
> I wonder, in that context, whether the current advice strikes the right balance.
> 

Also, while I recognize the difference between protocols “using HTTPS” on 443 vs non-HTTPS protocols using 443 for NAT traversal purposes, the recent controversy over CORE's use of 443 suggests that this discussion will need to go beyond ART. At least, I think some TSV and OPS people may have opinions. Maybe those opinions will be “it’s HTTPS, use HTTPS”, but we should verify. (I suspect network management people may have concerns.)

Ben.


> /a
> 
> On 7/11/17 06:14, Mark Nottingham wrote:
>> A number of folks have recently noted that BCP56 addresses the problems of using HTTP for protocols in the early 2000's, but we've moved on considerably since then.
>> 
>> Given the number of IETF protocols being build upon HTTP these days, it seems timely to reconsider it. I've been working on a candidate for replacing it for a little while; see:
>>   https://tools.ietf.org/html/draft-nottingham-bcp56bis
>>   https://mnot.github.io/I-D/bcp56bis/
>> 
>> I have a small-ish slot in the HTTP WG session on Wednesday to discuss this.
>> 
>> Cheers,
>> 
>> --
>> Mark Nottingham   https://www.mnot.net/
>> 
>> _______________________________________________
>> art mailing list
>> art@ietf.org
>> https://www.ietf.org/mailman/listinfo/art
> 
> 
> _______________________________________________
> art mailing list
> art@ietf.org
> https://www.ietf.org/mailman/listinfo/art

v2.23.0 | Report a Bug | By Email