Re: [Gen-art] Gen-ART review of draft-ietf-httpbis-tunnel-protocol-04
Martin Thomson <martin.thomson@gmail.com> Thu, 04 June 2015 04:50 UTC
Return-Path: <martin.thomson@gmail.com>
X-Original-To: gen-art@ietfa.amsl.com
Delivered-To: gen-art@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 61A2D1B2EE9 for <gen-art@ietfa.amsl.com>; Wed, 3 Jun 2015 21:50:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jdr7qiGAJiNJ for <gen-art@ietfa.amsl.com>; Wed, 3 Jun 2015 21:50:56 -0700 (PDT)
Received: from mail-yk0-x22d.google.com (mail-yk0-x22d.google.com [IPv6:2607:f8b0:4002:c07::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 66D9E1A1A4E for <gen-art@ietf.org>; Wed, 3 Jun 2015 21:50:56 -0700 (PDT)
Received: by ykfl8 with SMTP id l8so10549860ykf.1 for <gen-art@ietf.org>; Wed, 03 Jun 2015 21:50:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=t/hopyVoerNnKtIjlJxOoFjNdb4Dzhd062iKDbqTc2Y=; b=qNO2c+XtV6Q+QQ85ICyye/lJ1eSNOfAJjt6oLZ1vs449GDeC7xSNQQr9G7d2UAA08j 42vhzk5dEiMutXC9nJMvOz+3d41dnANnsz5LqjMTv7UFIw0nRhaQ1QGyDmO9xDYx/j1u OoHYVykpGbdGi4hyjGv/s+C5MYknDgz1ujpc98gjV+4zFNMt6JsZ9Oe88UykesfISgeK 8tvI1ZdN4H0pylgKydjpaFlZh/JUWvbjRjKHLPQNArfuQYqAHz+nsoM/loJQXvxclpBs kcHnOtrzSdzEBbFH1yHoZQw3MUZun8pczyRwlIO0OR5/Ex1OL5DBKJREWZngEmSP98xu OdFQ==
MIME-Version: 1.0
X-Received: by 10.236.28.75 with SMTP id f51mr39171266yha.93.1433393455741; Wed, 03 Jun 2015 21:50:55 -0700 (PDT)
Received: by 10.129.110.138 with HTTP; Wed, 3 Jun 2015 21:50:55 -0700 (PDT)
In-Reply-To: <7594FB04B1934943A5C02806D1A2204B1D82B57A@ESESSMB209.ericsson.se>
References: <7594FB04B1934943A5C02806D1A2204B1D82B57A@ESESSMB209.ericsson.se>
Date: Wed, 03 Jun 2015 21:50:55 -0700
Message-ID: <CABkgnnUTEeWwaTXC2Vedr3QatL5ijQmM1rpPm7vbxXt1QYA2xA@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: Christer Holmberg <christer.holmberg@ericsson.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <http://mailarchive.ietf.org/arch/msg/gen-art/CJGZ0p-RH7TR1td4j5T9a7xzumw>
Cc: "draft-ietf-httpbis-tunnel-protocol.all@tools.ietf.org" <draft-ietf-httpbis-tunnel-protocol.all@tools.ietf.org>, "gen-art@ietf.org" <gen-art@ietf.org>
Subject: Re: [Gen-art] Gen-ART review of draft-ietf-httpbis-tunnel-protocol-04
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/gen-art/>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Jun 2015 04:50:58 -0000
I apologize for missing this, it was badly filed. Thanks for the comments. Fresh eyes are always helpful here, and you identified lots of little pieces of potentially confusing text. The changes will be in -05, but you can preview them on github: https://httpwg.github.io/http-extensions/tunnel-protocol.html On 22 May 2015 at 01:26, Christer Holmberg <christer.holmberg@ericsson.com> wrote: > ALPN = "ALPN":" protocol-id *(COMMA protocol-id) Julian has corrected this also. The production that is used is described in RFC 7230, as referenced immediately before the rule. > Are proxies prevented from implementing any tunneled protocol? If not, > should the text say “Proxies might not implement the tunneled protocol”? They aren't really proxies when they implement the tunneled protocol, are they? That's them taking off their proxy hat and putting on a <some other protocol> server hat (or maybe their MitM hat). > Do you need both sentences, or could they be combined into a single > sentence? Good point. It was a little redundant: https://github.com/httpwg/http-extensions/commit/fb18ad4 > “For a tunnel that is then secured using TLS [RFC5246], the header field > I think it would be useful to add a reference to RFC 7301 after TLS > handshake: > “…be carried within the TLS handshake [RFC7301].” https://github.com/httpwg/http-extensions/commit/970b37f36 > What if TLS is NOT used? No problem. Application protocols can still have an identifier. Note that we say "Other substrates could negotiate the application protocol differently." and also, later, have a whole section on the subject: https://tools.ietf.org/html/draft-ietf-httpbis-tunnel-protocol-04#section-2.3 > Who makes the choice of application protocol then? That is not known. The ALPN identifiers - if the proxy understands them - will probably have to include a definition that covers how the protocol is negotiated. All the current ones do. > What if the recipient does not support, or does not want to use, the > protocol(s) indicated by the client? That's a little piece of necessary uncertainty. Just as the proxy cannot rely on this header field being present, it cannot rely on the two peers actually negotiating the indicated protocol. It can check, but TLS is (or will be) designed to make that hard. > The text says that the ALPN header field will contain the protocol that will > be used within the tunnel. > > I think “will” is wrong wording, as the recipient has the final saying on > what will be used. Later in the document the text says “intended to be > used”, and I think that would fit here too. You are right: https://github.com/httpwg/http-extensions/commit/1bbe0aa4504 > “For a CONNECT tunnel that conveys a TLS session that in turn > encapsulates another protocol,…” > > The text is confusing. Shouldn’t it simply say “A tunnel that is secured > using TLS”, or something? Yeah, it's a little overwrought. How about: For a CONNECT tunnel that conveys a protocol secured with TLS https://github.com/httpwg/http-extensions/commit/3e470d644 > “When used in the ALPN header field, the ALPN identifier and registry > are used…” > > What is meant by “registry” here? Yeah, that's a little confusing. How about: "When used in the ALPN header field, an ALPN identifier is used ..." https://github.com/httpwg/http-extensions/commit/cdf620a
- [Gen-art] Gen-ART review of draft-ietf-httpbis-tu… Christer Holmberg
- Re: [Gen-art] Gen-ART review of draft-ietf-httpbi… Paul Kyzivat
- Re: [Gen-art] Gen-ART review of draft-ietf-httpbi… Martin Thomson
- Re: [Gen-art] Gen-ART review of draft-ietf-httpbi… Jari Arkko