Re: Working Group Last Call for draft-ietf-httpbis-tunnel-protocol

"Adrien de Croy" <adrien@qbik.com> Mon, 30 March 2015 21:25 UTC

From: Adrien de Croy <adrien@qbik.com>
To: Martin Thomson <martin.thomson@gmail.com>
Cc: Willy Tarreau <w@1wt.eu>, Amos Jeffries <squid3@treenet.co.nz>, HTTP Working Group <ietf-http-wg@w3.org>
Date: Mon, 30 Mar 2015 21:20:20 +0000
Message-Id: <em6b017b97-9da0-4262-b397-81afc1c1530e@bodybag>
In-Reply-To: <CABkgnnUBTTDmTASTT-6CQYOnsukhByy0SO3FK5ugPygvoxCAvw@mail.gmail.com>
Reply-To: Adrien de Croy <adrien@qbik.com>
Subject: Re: Working Group Last Call for draft-ietf-httpbis-tunnel-protocol
Archived-At: <http://www.w3.org/mid/em6b017b97-9da0-4262-b397-81afc1c1530e@bodybag>

OK I understand.

Seems like broken layering to me, though.

For instance, what do you do for foo over TLS over TLS... create fooss? 
foo over SSH becomes foosh?

So to put a protocol over TLS you need to assign another registry entry? 
And if it can go over some other channel you need to register even 
more? I see problems with this approach. Software won't be updated to 
recognise these tokens. So it will have to resort to sniffing if it 
wants to do anything with the TLS layer (like protecting against bad 
certs).

The design pattern where each layer identifies only the next layer is 
very effective and elegant.  I don't know why we would want to move away 
from that.

It's a misnomer to refer to ALPN as "next layer" negotiation, then. 
Maybe I'm being confused by NPN.

Adrien


------ Original Message ------
From: "Martin Thomson" <martin.thomson@gmail.com>
To: "Adrien de Croy" <adrien@qbik.com>
Cc: "Willy Tarreau" <w@1wt.eu>; "Amos Jeffries" <squid3@treenet.co.nz>; "HTTP Working Group" <ietf-http-wg@w3.org>
Sent: 31/03/2015 6:58:27 a.m.
Subject: Re: Working Group Last Call for draft-ietf-httpbis-tunnel-protocol

>On 30 March 2015 at 06:43, Adrien de Croy <adrien@qbik.com> wrote:
>> If you have a foo protocol that is used over TLS or may be used directly
>> over TCP, then if you see
>>
>> ALPN: foo
>>
>> then how does the registry help you determine if this is foo over TLS or
>> plaintext foo, since _surely_ you don't put foos in the TLS ALPN, since the
>> "next layer" from TLS is not foos, it is foo.
>
>You describe the whole thing. So 'foos' is correct. A protocol of
>foo over TLS over TCP is identified separately from foo over TCP.
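The token-versus-sniffing trade-off the two messages argue about, as an added example that is not from the thread or from the draft: a proxy-side check that first consults a small assumed table of tunnel-protocol tokens (the `foo`/`foos` pair is the thread's hypothetical; `h2`, `h2c` and `http/1.1` are registered ALPN identifiers) and only falls back to sniffing the tunnel's first bytes for a TLS ClientHello when a token is unknown, which is the situation Adrien describes for software that has not learned the new registry entries.

```python
from typing import Optional

# Assumed policy table (constructed for this example): which tunnel-protocol
# tokens name a TLS-wrapped stack.  "h2" and "http/1.1" are registered ALPN
# identifiers used over TLS, "h2c" is cleartext HTTP/2; "foo"/"foos" mirror
# the hypothetical plaintext/TLS pair from the thread.
TLS_WRAPPED = {"h2": True, "http/1.1": True, "h2c": False, "foo": False, "foos": True}

# Constructed samples of the first bytes seen inside a tunnel: a TLS handshake
# record (0x16, version 3.1) carrying a ClientHello (0x01), and plain HTTP.
SAMPLE_CLIENT_HELLO = bytes.fromhex("160301004a010000460303")
SAMPLE_PLAINTEXT = b"GET / HTTP/1.1\r\n"


def parse_alpn_header(value: str) -> list[str]:
    """Split a comma-separated ALPN header value into its tokens.
    ALPN tokens are case-sensitive, so they are only whitespace-trimmed."""
    return [t.strip() for t in value.split(",") if t.strip()]


def expects_tls_from_token(alpn_value: str) -> Optional[bool]:
    """Decide from the registry tokens alone whether the tunnel will carry TLS.
    True/False when every token is known; None when any token is unknown, the
    case an un-updated proxy hits and must then fall back to looking at bytes."""
    tokens = parse_alpn_header(alpn_value)
    if not tokens or any(t not in TLS_WRAPPED for t in tokens):
        return None
    return all(TLS_WRAPPED[t] for t in tokens)


def looks_like_tls_client_hello(first_bytes: bytes) -> bool:
    """Heuristic sniff: TLS handshake record (0x16), major version 3, a
    non-empty record, and a ClientHello as the first handshake message."""
    if len(first_bytes) < 6:
        return False
    rec_len = int.from_bytes(first_bytes[3:5], "big")
    return (first_bytes[0] == 0x16 and first_bytes[1] == 0x03
            and rec_len > 0 and first_bytes[5] == 0x01)


def classify_tunnel(alpn_value: Optional[str], first_bytes: bytes) -> str:
    """Token first, sniffing only as a fallback.  The suffix records which
    path decided, so policy logs show how often the registry was not enough."""
    if alpn_value is not None:
        verdict = expects_tls_from_token(alpn_value)
        if verdict is not None:
            return "tls-by-token" if verdict else "plain-by-token"
    sniffed = looks_like_tls_client_hello(first_bytes)
    return "tls-by-sniff" if sniffed else "plain-by-sniff"
```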