Re: [Doh] How to start HTTP/2?

Martin Thomson <martin.thomson@gmail.com> Tue, 16 January 2018 23:12 UTC

From: Martin Thomson <martin.thomson@gmail.com>
Date: Wed, 17 Jan 2018 10:12:01 +1100
Message-ID: <CABkgnnUdYMSDDrL4XHXoYhAyrGZLvhUNLz90jVhBpYKEi41HtA@mail.gmail.com>
To: Daniel Stenberg <daniel@haxx.se>
Cc: Stephane Bortzmeyer <bortzmeyer@nic.fr>, doh@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/c2koByddF_cbB2Jm-o1cmYM8FMQ>

What Daniel said.  We're really only targeting HTTPS here, and HTTPS
means TLS and ALPN when it comes to HTTP/2.

Also, as a practical matter, HTTP/2 over TLS with ALPN is the only
configuration that is widely deployed and available.  curl is somewhat
exceptional here in its promiscuity, but that's a core feature of
curl.

On Wed, Jan 17, 2018 at 2:30 AM, Daniel Stenberg <daniel@haxx.se> wrote:
> On Tue, 16 Jan 2018, Stephane Bortzmeyer wrote:
>
>> OK, but could it be better to say explicitly "Servers and clients MUST
>> start HTTP/2 using the ALPN extension of TLS, as specified in RFC 7540,
>> section 3.3"?
>
>
> It probably could, but as that's exactly what doing HTTP/2 over HTTPS means
> I considered that implied.
>
>> (Then, what a server should do if the client did not use ALPN? Start
>> HTTP/2 anyway, because of the robustness principle?)
>
>
> If you want HTTP/2 over HTTPS, you need to use ALPN. An HTTPS server that
> doesn't do ALPN can't speak HTTP/2 as defined in RFC7540.
>
> --
>
>  / daniel.haxx.se