Re: HTTPS 2.0 without TLS extension?

William Chan (陈智昌) <willchan@chromium.org> Tue, 23 July 2013 17:36 UTC

In-Reply-To: <CACuKZqEBAqXs-cQF1U-g3npaXGR0LEoXZYxDv-3a+ftn-YG=_g@mail.gmail.com>
References: <CACuKZqEBAqXs-cQF1U-g3npaXGR0LEoXZYxDv-3a+ftn-YG=_g@mail.gmail.com>
Date: Tue, 23 Jul 2013 10:34:29 -0700
Message-ID: <CAA4WUYjS=JXYAYKe0ueqUFbdEUC3pM8xuj--b=F=WPgnSc9xYg@mail.gmail.com>
From: William Chan (陈智昌) <willchan@chromium.org>
To: Zhong Yu <zhong.j.yu@gmail.com>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Subject: Re: HTTPS 2.0 without TLS extension?
Archived-At: <http://www.w3.org/mid/CAA4WUYjS=JXYAYKe0ueqUFbdEUC3pM8xuj--b=F=WPgnSc9xYg@mail.gmail.com>
List-Id: <ietf-http-wg.w3.org>

FWIW, it seems reasonable to me to have the spec allow HTTPS 2.0 without
TLS extension. If you want to Upgrade, be my guest. I have no plans for my
browser to support that, and I don't think Google servers will support it
either, because we care strongly about the advantages of TLS-ALPN vs
Upgrade.

IIRC, Twitter doesn't use NPN for the same reasons (lack of TLS extension
support on certain mobile clients). I believe they don't care about public
interop though, they just use dedicated VIPs with clients they control.


On Mon, Jul 22, 2013 at 5:06 AM, Zhong Yu <zhong.j.yu@gmail.com> wrote:

> The draft mandates TLS extension ALPN for any https 2.0 connections,
> but why is that necessary? Why can't we also establish an https 2.0
> connection through the Upgrade mechanism, without ALPN? TLS extension
> may not be available/convenient on some platforms for some time;
> requiring it may discourage some potential implementers.
>
> Zhong Yu
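The thread contrasts negotiating HTTP/2 inside the TLS handshake (ALPN) with negotiating it afterwards via Upgrade. As an added illustration that is not code from either poster, here is an encoder and a strict decoder for the RFC 7301 ALPN extension as it appears in a ClientHello, plus the server-side selection rule (server preference wins; no overlap means the handshake fails with no_application_protocol). Protocol names and sample bytes below are constructed for the example.

```python
import struct

# Extension type 16 = application_layer_protocol_negotiation (RFC 7301).
ALPN_EXT_TYPE = 16


def encode_alpn_extension(protocols):
    """Build the full ALPN extension (type, length, ProtocolNameList)."""
    names = b"".join(struct.pack("!B", len(p)) + p.encode("ascii") for p in protocols)
    body = struct.pack("!H", len(names)) + names          # ProtocolNameList
    return struct.pack("!HH", ALPN_EXT_TYPE, len(body)) + body


def decode_alpn_extension(data):
    """Parse an ALPN extension, rejecting length mismatches and empty names."""
    ext_type, ext_len = struct.unpack("!HH", data[:4])
    if ext_type != ALPN_EXT_TYPE or ext_len != len(data) - 4:
        raise ValueError("not a well-formed ALPN extension")
    (list_len,) = struct.unpack("!H", data[4:6])
    if list_len != ext_len - 2:
        raise ValueError("ProtocolNameList length mismatch")
    names, off = [], 6
    while off < len(data):
        n = data[off]
        off += 1
        # Each ProtocolName is opaque<1..2^8-1>: zero length or overrun is invalid.
        if n == 0 or off + n > len(data):
            raise ValueError("bad protocol name length")
        names.append(data[off:off + n].decode("ascii"))
        off += n
    return names


def select_protocol(server_prefs, client_offered):
    """Pick the first server-preferred protocol the client also offered.

    Returns None when there is no overlap; a TLS server then aborts with
    a no_application_protocol alert instead of silently falling back.
    """
    for p in server_prefs:
        if p in client_offered:
            return p
    return None


if __name__ == "__main__":
    hello_ext = encode_alpn_extension(["h2", "http/1.1"])   # constructed sample
    offered = decode_alpn_extension(hello_ext)
    print(hello_ext.hex(), offered, select_protocol(["h2", "http/1.1"], offered))
```

With Upgrade, the same choice is only made after the TLS handshake completes and an HTTP/1.1 request/101 exchange has cost one extra round trip, which is the cost the mail refers to.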