Re: [Doh] How to start HTTP/2?
Patrick McManus <pmcmanus@mozilla.com> Wed, 17 January 2018 15:03 UTC
Return-Path: <pmcmanus@mozilla.com>
X-Original-To: doh@ietfa.amsl.com
Delivered-To: doh@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2B69A127978 for <doh@ietfa.amsl.com>; Wed, 17 Jan 2018 07:03:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.233
X-Spam-Level:
X-Spam-Status: No, score=-1.233 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_SOFTFAIL=0.665, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id H4B7e_MBsQhJ for <doh@ietfa.amsl.com>; Wed, 17 Jan 2018 07:03:47 -0800 (PST)
Received: from linode64.ducksong.com (linode6only.ducksong.com [IPv6:2600:3c02::f03c:91ff:fe6e:e8da]) by ietfa.amsl.com (Postfix) with ESMTP id D94B912D957 for <doh@ietf.org>; Wed, 17 Jan 2018 07:03:46 -0800 (PST)
Received: from mail-lf0-f52.google.com (mail-lf0-f52.google.com [209.85.215.52]) by linode64.ducksong.com (Postfix) with ESMTPSA id 684163A0FE for <doh@ietf.org>; Wed, 17 Jan 2018 10:03:44 -0500 (EST)
Received: by mail-lf0-f52.google.com with SMTP id h92so12038088lfi.7 for <doh@ietf.org>; Wed, 17 Jan 2018 07:03:44 -0800 (PST)
X-Gm-Message-State: AKwxytfblcVV/cgIYakZG/WW0TK+PnBURc4+7Q7dn/0EJ/XcJetpGBYS y1w2TDYbxklS1uPrDvNgevjdgtJd1lafUBLkTwM=
X-Google-Smtp-Source: ACJfBoueYDQYLfPcl0b+yLnpv9oQPgN2V0I1p0Ul3NoLq0L+IUUj6Fp3cSsptYpAgwQ9QPg8FTyiLTc2j0wubpbMbgA=
X-Received: by 10.25.193.204 with SMTP id r195mr10820573lff.37.1516201423068; Wed, 17 Jan 2018 07:03:43 -0800 (PST)
MIME-Version: 1.0
Received: by 10.25.218.17 with HTTP; Wed, 17 Jan 2018 07:03:42 -0800 (PST)
In-Reply-To: <20180117081823.GA23686@laperouse.bortzmeyer.org>
References: <20180116150246.dvr3d3nstozqfadn@nic.fr> <alpine.DEB.2.20.1801161607110.20551@tvnag.unkk.fr> <20180116152145.qhgqoo3dqmebb6aa@nic.fr> <CAOdDvNqTB=RxtJ5+ykbN_4KKhZS=_DnPdpK3yPh0cL2ey-7GKA@mail.gmail.com> <20180117081823.GA23686@laperouse.bortzmeyer.org>
From: Patrick McManus <pmcmanus@mozilla.com>
Date: Wed, 17 Jan 2018 10:03:42 -0500
X-Gmail-Original-Message-ID: <CAOdDvNoKEZyhrwwd0tUTEpHA41byVxO6o_qvU4GUpEPPdd=TJQ@mail.gmail.com>
Message-ID: <CAOdDvNoKEZyhrwwd0tUTEpHA41byVxO6o_qvU4GUpEPPdd=TJQ@mail.gmail.com>
To: Stephane Bortzmeyer <bortzmeyer@nic.fr>
Cc: Patrick McManus <pmcmanus@mozilla.com>, doh@ietf.org
Content-Type: multipart/alternative; boundary="94eb2c1a194a3ae4b30562fa27bc"
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/Qw2sx3bi1e5SvhzlMb_-F_uqfk0>
Subject: Re: [Doh] How to start HTTP/2?
X-BeenThere: doh@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DNS Over HTTPS <doh.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/doh>, <mailto:doh-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/doh/>
List-Post: <mailto:doh@ietf.org>
List-Help: <mailto:doh-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/doh>, <mailto:doh-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Jan 2018 15:03:54 -0000
On Wed, Jan 17, 2018 at 3:18 AM, Stephane Bortzmeyer <bortzmeyer@nic.fr> wrote: > > Martin Thomson said it is not a problem because everyone uses TLS and > ALPN, anyway. But it contradicts what you say about the possibility of > future changes using other techniques. > for h2, everyone does use TLS/ALPN/TCP-443 for the base case.. but if you're using alt-svc then the host and port are resolved differently. DoH can use Alt-Svc but DoH (rightly) doesn't reference it. Alt-Svc is an h2 extension (rfc 7838) hq (HTTP on Quic - an IETF successor to h2) will be a bit more complicated.. not only will you need TLS and ALPN but you'll need Alt-Svc (or something like it) for even the base case as TCP/443 isn't going to work. Again, referencing the details in doh doesn't help a lot beyond saying "MUST connect via https and SHOULD use h2 or its successors". One of the reasons this can't be a MUST is actually ensuring a >= h2 path is nigh impossible given all of abstractions in infrastructure. Its not meant to say you should always fail the connection if it is not made over H2, just a] make sure your implementation offers and tries to use >= h2 in the usual ways b] understand that if you're not using >= h2 there are serious scaling and performance issues If this can be expressed as non-normative advice in a sentence or three that would be ok by me but in general I think this is what using https as a substrate means.
- [Doh] How to start HTTP/2? Stephane Bortzmeyer
- Re: [Doh] How to start HTTP/2? Daniel Stenberg
- Re: [Doh] How to start HTTP/2? Stephane Bortzmeyer
- Re: [Doh] How to start HTTP/2? Patrick McManus
- Re: [Doh] How to start HTTP/2? Stephane Bortzmeyer
- Re: [Doh] How to start HTTP/2? Patrick McManus
- Re: [Doh] How to start HTTP/2? Daniel Stenberg
- Re: [Doh] How to start HTTP/2? Martin Thomson
- Re: [Doh] How to start HTTP/2? Stephane Bortzmeyer
- Re: [Doh] How to start HTTP/2? Patrick McManus