IETF Logo Mail Archive

Re: Stream limits draft posted

David Benjamin <davidben@chromium.org> Mon, 13 November 2023 00:32 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=ietf.org@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C8DA5C17C899 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Sun, 12 Nov 2023 16:32:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.757
X-Spam-Level:
X-Spam-Status: No, score=-7.757 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=chromium.org
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qHuBLiByD72E for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Sun, 12 Nov 2023 16:32:44 -0800 (PST)
Received: from lyra.w3.org (lyra.w3.org [128.30.52.18]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F02F3C170608 for <httpbisa-archive-bis2Juki@ietf.org>; Sun, 12 Nov 2023 16:32:43 -0800 (PST)
Received: from lists by lyra.w3.org with local (Exim 4.94.2) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1r2KJ5-00CcYY-Vd for ietf-http-wg-dist@listhub.w3.org; Sun, 12 Nov 2023 23:56:00 +0000
Resent-Date: Sun, 12 Nov 2023 23:55:59 +0000
Resent-Message-Id: <E1r2KJ5-00CcYY-Vd@lyra.w3.org>
Received: from titan.w3.org ([128.30.52.76]) by lyra.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <davidben@google.com>) id 1r2KJ3-00CcXX-Ck for ietf-http-wg@listhub.w3.org; Sun, 12 Nov 2023 23:55:57 +0000
Received: from mail-yw1-x112a.google.com ([2607:f8b0:4864:20::112a]) by titan.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from <davidben@google.com>) id 1r2KIu-00G3fd-VS for ietf-http-wg@w3.org; Sun, 12 Nov 2023 23:55:57 +0000
Received: by mail-yw1-x112a.google.com with SMTP id 00721157ae682-5a7d9d357faso43034067b3.0 for <ietf-http-wg@w3.org>; Sun, 12 Nov 2023 15:55:48 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1699833340; x=1700438140; darn=w3.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=b1BpkUOD266I19aeY/dHikNstPntWt4qM0Da/PXUwUA=; b=QErQxIUpcWCaTb8/tX9iEWVGMZip3JBGcDDNXmA+uBjyZQVN1tNBRCcpgTz3tMpV9N eQAnzObd4YDVIrVSt29BH3lJE4jd7BXGFDfGgfE8ayeU5aJgnA5g3EgcBDu4M/McCy54 j6rlY1pmqnZMlReusfFmWd7V6LJHr0FNBWyGc=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1699833340; x=1700438140; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=b1BpkUOD266I19aeY/dHikNstPntWt4qM0Da/PXUwUA=; b=QOY4XxaoA03OjpO4yjgVBCaSByfjRdW3iNfVX+hk2Qaw2b4Hl1As/Awft9cYKifRpc hBcw/F5CSWseZfPxgs8bucEIZegmvcuuVbpon4zEsn7lXo02a6dOHp7FTVl8Lvf/W48M Y7OZd70NoQ3CzfGJ4UiDdOaCaDVEOgwJhiY14u5qkbAXO4A1iLW1nPYOgVCtByfMRY/K EOgymeMf/4tQBb5zdOIkYUsSzll4v0Zqr4vPGA3niHfbYInTLbThYgndADT5JhmJd3D6 /AEO/yfYFevk1Qo3QdubP69jl1O25D7zwpdq+a1qvZ7V8MY7RujSpAIghwtNvHyWMrVY c0Pw==
X-Gm-Message-State: AOJu0YxC/8KCqnTg5mSEvbTWph3mRYC7fFF/HWPYzelVQJqQLSH+ngMM 2jrcq8vv5lLoWL/YkCF79qgxWKbPwAl5391JypLnVSeXay6F/xz7iZ4G
X-Google-Smtp-Source: AGHT+IGkjL0y6EZ/c1SIvXIZhj3cxwhdis0/pRaU5PpHLAwJnA39Lzf0NZ87c6QSIMWPyRI2BYchCB8LX35dF6IW88o=
X-Received: by 2002:a0d:e690:0:b0:5c0:8f5e:c8fa with SMTP id p138-20020a0de690000000b005c08f5ec8famr5397300ywe.5.1699833339682; Sun, 12 Nov 2023 15:55:39 -0800 (PST)
MIME-Version: 1.0
References: <14d520c2-8c07-4c30-bd54-faa4ad964a6a@app.fastmail.com> <CANatvzwQ3hD9-+5rUo8Fi_zaHSmDBWv8HaJGPHOihT4qf8xs1Q@mail.gmail.com> <0DE80F27-85C7-4F5C-B04D-316F9C8B7DF5@eissing.org> <dad05307-306a-4d15-9c54-899f3f778c0a@app.fastmail.com> <ZU88Y3q3zQNEku_G@LK-Perkele-VII2.locald>
In-Reply-To: <ZU88Y3q3zQNEku_G@LK-Perkele-VII2.locald>
From: David Benjamin <davidben@chromium.org>
Date: Sun, 12 Nov 2023 18:55:20 -0500
Message-ID: <CAF8qwaDK5y0=d3q7_V0R+Nv3buSoxH0-wGTt=PTpbcQ-snM=cA@mail.gmail.com>
To: Ilari Liusvaara <ilariliusvaara@welho.com>
Cc: ietf-http-wg@w3.org
Content-Type: multipart/alternative; boundary="0000000000006472eb0609fd4a04"
Received-SPF: pass client-ip=2607:f8b0:4864:20::112a; envelope-from=davidben@google.com; helo=mail-yw1-x112a.google.com
X-W3C-Hub-DKIM-Status: validation passed: (address=davidben@google.com domain=chromium.org), signature is good
X-W3C-Hub-Spam-Status: No, score=-11.3
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, USER_IN_DEF_SPF_WL=-7.5, W3C_AA=-1, W3C_WL=-1
X-W3C-Scan-Sig: titan.w3.org 1r2KIu-00G3fd-VS cf48c24b3ea93344c510145b51029927
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Stream limits draft posted
Archived-At: <https://www.w3.org/mid/CAF8qwaDK5y0=d3q7_V0R+Nv3buSoxH0-wGTt=PTpbcQ-snM=cA@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/51594
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/email/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

Even over TLS 1.3, I would expect the vast, vast majority of HTTP/2 servers
do *not* send SETTINGS at half-RTT. When I probed some list of top sites in
2020, I could not find a *single* one.

This should not be surprising once you dig into it. Half-RTT data on a
1-RTT handshake is semantically weird, in a way that half-RTT on a 0-RTT
handshake is not. It really does not fit well into TLS-over-TCP's existing
interfaces at all.On the client side, taking a 1-RTT hit against
practically all existing HTTP/2 servers seems clearly an unreasonable
performance cost. Ultimately, it is a change in protocol semantics to go
from "sending SETTINGS at 1-RTT is just fine" to "SETTINGS must be sent at
half-RTT to avoid latency problems". On the server side, I don't believe
it's possible to send it with OpenSSL servers. BoringSSL too, which was an
intentional choice on our part.

I wrote this a couple years ago, which discusses this and other problems
with trying to solve this shape of problem with half-RTT:
https://www.ietf.org/archive/id/draft-davidben-tls-alps-half-rtt-00.html

I haven't been following this issue as closely, but skimming the draft, it
seems to me three questions here:
1. How to ensure clients know to trigger the new mode early enough.
2. How to allow clients to open streams in the new mode without waiting for
an RTT, in both 1-RTT and 0-RTT handshakes.
3. How to distinguish clients that do and don't implement the new scheme so
that, either under load or perhaps unconditionally in the future, servers
can avoid negotiating h2 with older clients.

I suspect any solution for (2) will either look like early server->client
communication (be it ALPS or a Rube Goldberg of half-RTT, 0-RTT session
ticket state, and applications injecting themselves into the 0-RTT
accept/reject decision), or, as Kazuho suggested, just some hard-coded
initial default value. Both the ALPS and half-RTT plans will require TLS
software changes, so I suspect the hard-coded initial value is most viable,
provided we can find a small enough default to satisfy DoS concerns, but
large enough to admit one RTT worth of stream creations.

But then we don't solve (1) for free. For that, I think the new ALPN is the
way to go. As this is essentially a protocol bugfix, rather than an
optional extension, a version bump to "h2.1" seems appropriate.  ALPN
happens early enough, and is already correctly integrated with 0-RTT, so
the client will know, before sending data, to use the new mode. Moreover,
the server knows whether the client will behave *before* picking the
protocol, so we get (3) as well, which the half-RTT and ALPS options would
not give us. (ALPS puts the client message in the second client flight so
that it is encrypted. That means the server only knows "client supports
ALPS" at protocol selection time. It also was designed assuming it
*wouldn't* impact protocol selection.)

The hardcoded default is a little unsatisfying compared to early
server->client, but we could do both: if we get a server->client initial
value in ALPS, use that. Otherwise, use the hard-coded default. (This isn't
an option with half-RTT because the client needs to know when to stop
waiting, when talking to a server that can't send it.)

(To fully explore the problem space, a new ALPN *does* resolve the client
performance problems of the half-RTT approach: with a new ALPN we can say
"you *must* send SETTINGS in half-RTT in h2.1". But all the other problems,
such as those in the link and requiring TLS library changes, remain. I do
not think half-RTT is viable here.)

On Sat, Nov 11, 2023 at 3:37 AM Ilari Liusvaara <ilariliusvaara@welho.com>
wrote:

> On Sat, Nov 11, 2023 at 08:50:51AM +0100, Martin Thomson wrote:
> > On Fri, Nov 10, 2023, at 14:16, Stefan Eissing wrote:
> > > +1
> > >
> > > I think clients will not wait for the MAX_STREAMS from the server. I
> > > assume they want to send right away instead of waiting for a while.
> The
> > > server might support it or not. How long are they willing to wait for
> > > this?
> >
> > In the meeting, it was suggested that we require clients to wait for
> > SETTINGS before opening streams.  I think that is a good idea and
> > entirely possible, without significant performance penalties.
> >
> > In TLS 1.3, the server can send SETTINGS immediately, which means that
> > the client only needs to read a few more bytes before it can start
> > sending.
> >
> > The minor pain here, as David Benjamin will likely remind us, is that
> > it is a little awkward sending data from the server before seeing the
> > client Finished.  So we'd probably want to experiment here.
>
> I have written a HTTP reverse proxy, which used to send SETTINGS
> immediately in TLS 1.3[1]. Unfortunately, that caused some clients to
> break[2], manifesting as fatal unexpected_message TLS alert immediately
> after handshake completed. So I changed the code to always wait for
> finished from client[3].
>
>
> [1] If there was no client certificate request, for shortcomings of
> the interface between TLS and HTTP layers.
>
> [2] No information about what clients broke. However, mentions by
> one user might indicate that some "anti-virus" products were
> involved.
>
> [3] There might still be option to re-enable the old behavior.
>
>
>
>
> -Ilari
>
>

v2.23.0 | Report a Bug | By Email