RE: draft-montenegro-httpbis-h2ot-00 question

Gabriel Montenegro <Gabriel.Montenegro@microsoft.com> Wed, 13 July 2016 19:20 UTC

From: Gabriel Montenegro <Gabriel.Montenegro@microsoft.com>
To: Martin Thomson <martin.thomson@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>, "Simpson, Robby (GE Energy Management)" <robby.simpson@ge.com>
CC: "draft-montenegro-httpbis-h2ot@tools.ietf.org" <draft-montenegro-httpbis-h2ot@tools.ietf.org>
Date: Wed, 13 Jul 2016 19:16:05 +0000
Message-ID: <BN1PR03MB072CFB3536431E78CBF22A995310@BN1PR03MB072.namprd03.prod.outlook.com>
References: <CABkgnnXHO8COVgLA2EW8W_NdtyHbPN2ihAkUqG+6vKzn1ufqcA@mail.gmail.com>
In-Reply-To: <CABkgnnXHO8COVgLA2EW8W_NdtyHbPN2ihAkUqG+6vKzn1ufqcA@mail.gmail.com>
Archived-At: <http://www.w3.org/mid/BN1PR03MB072CFB3536431E78CBF22A995310@BN1PR03MB072.namprd03.prod.outlook.com>

> This is an interesting piece.  I certainly hope that this is being
> discussed in other venues than just the HTTP working group, in a sense
> it's less valuable for us than others.

Thanks!

Not currently being discussed elsewhere, although we've thought about a couple of groups. Any suggestions?

The main ideas to encourage HTTP/2 for IoT were presented and discussed a couple of IETFs ago at a CoRE WG meeting. Even though there were some favorable responses, this group isn’t really chartered to go work on HTTP/2, as they’re very CoAP-centric. The bigger picture is that we should explore a common stack across IoT and other scenarios, so we should not need new WGs to deal with IoT issues. IoT is the norm and we should get used to it in every working group.

> On the profile section, are there particular aspects to h2 that are
> not particularly well-suited to implementation in constrained devices?
>  Is there anything that implementing h2 has suggested (that maybe
> hasn't already been suggested to this working group?

The focus of the draft is currently on exploring how to use current HTTP/2 for IoT now within the confines of the defined protocol. This is the subject of the profile and implementation sections in the draft.

One unresolved issue is called out in the security considerations section: one of *the* IoT ciphersuites (TLS_PSK_WITH_AES_128_CCM_8) is disallowed explicitly by HTTP/2:

   Given the security challenges in IoT scenarios, HTTP/2 is assumed to
   use TLS services.  In Internet scenarios, [RFC7540] has clear
   guidance in this respect.  In Constrained network scenarios, the
   guidance for IoT is [I-D.ietf-dice-profile].  However, these are
   currently at odds.  For example, Section 4.2 of
   [I-D.ietf-dice-profile] mandates the ciphersuite
   TLS_PSK_WITH_AES_128_CCM_8 for preshared key-based authentication
   (quite common in IoT deployments).  On the other hand, Appendix A of
   [RFC7540] includes TLS_PSK_WITH_AES_128_CCM_8 in the HTTP/2 Black
   List of disallowed cipher suites, despite it being an AEAD
   ciphersuite.  This is still to be resolved.  The other IoT
   ciphersuite mandated by [I-D.ietf-dice-profile], namely,
   TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 (used for both certificate-based
   and Raw Public Key-based authentication) is not on the HTTP/2 Black
   List.

Or is the intent of your question asking what changes in HTTP/2 would make it more amenable to IoT?  One aspect that could reap benefits would be if binary headers came back into the picture. Also, whereas there is plenty of room to negotiate parameters, it would also help if there were some way for both sides to agree on a given profile without incurring any negotiation. The draft hints that in practice, prior knowledge can be used to this effect. You might recall that we proposed profile negotiation in ALPN a long time ago (which is where the “h2” and “h2c” tokens actually originated, where h2c meant the “constrained” profile). But this didn’t progress, partly because ALPN tokens lead to explosion. At any rate, prior knowledge has been used in massive scale already to bypass ALPN altogether (Twitter). Whereas the draft doesn’t advocate this, it hints that prior knowledge could be used to bypass parameter negotiation.

But this is a good question. In part, the purpose of issuing this draft is to ask people to think about this question.

Robby may have further thoughts about this...

Thanks,

Gabriel
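The ciphersuite conflict quoted above from the draft's security considerations can be made concrete with a small checker. The following is an added example, not code from the email, the draft or RFC 7540: it classifies a TLS 1.2 cipher suite name against the two requirements RFC 7540 Section 9.2.2 states for HTTP/2 (ephemeral key exchange and an AEAD cipher), which is what the Appendix A black list encodes. It shows why TLS_PSK_WITH_AES_128_CCM_8 is black-listed even though it is AEAD (plain PSK has no ephemeral key exchange) while TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 passes. The name parsing, the AEAD cipher list and the helper names are assumptions of this example; the key-size minimums in Section 9.2.2 cannot be judged from a suite name alone and are not checked here.

```python
import re

# AEAD bulk ciphers as they appear in TLS 1.2 suite names.
# Assumption: this list is sufficient for the suites checked here.
AEAD_CIPHERS = frozenset({
    "AES_128_GCM", "AES_256_GCM",
    "AES_128_CCM", "AES_256_CCM",
    "AES_128_CCM_8", "AES_256_CCM_8",
    "CHACHA20_POLY1305",
})

# Key exchange tokens that provide ephemeral (forward-secret) key agreement.
EPHEMERAL_KX_TOKENS = frozenset({"DHE", "ECDHE"})


def parse_suite(name):
    """Split a TLS 1.2 suite name into (key_exchange, cipher) parts.

    Example: TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 -> ("ECDHE_ECDSA", "AES_128_CCM_8").
    TLS 1.3 names (no _WITH_) are rejected; they are out of scope for RFC 7540's list.
    """
    if not name.startswith("TLS_") or "_WITH_" not in name:
        raise ValueError("not a TLS 1.2 style suite name: %r" % name)
    kx, cipher = name[len("TLS_"):].split("_WITH_", 1)
    # Drop the trailing PRF/MAC hash (e.g. _SHA256); CCM_8 suites carry none.
    cipher = re.sub(r"_SHA\d*$", "", cipher)
    return kx, cipher


def is_ephemeral(kx):
    """True if the key exchange uses DHE or ECDHE (also DHE_PSK, ECDHE_PSK)."""
    return any(tok in EPHEMERAL_KX_TOKENS for tok in kx.split("_"))


def is_aead(cipher):
    return cipher in AEAD_CIPHERS


def http2_verdict(name):
    """Apply the RFC 7540 Section 9.2.2 criteria to a suite name."""
    kx, cipher = parse_suite(name)
    ephemeral = is_ephemeral(kx)
    aead = is_aead(cipher)
    reasons = []
    if not ephemeral:
        reasons.append("key exchange %s is not ephemeral" % kx)
    if not aead:
        reasons.append("cipher %s is not AEAD" % cipher)
    return {
        "suite": name,
        "ephemeral": ephemeral,
        "aead": aead,
        "allowed": ephemeral and aead,
        "reason": "; ".join(reasons) or "meets RFC 7540 9.2.2 requirements",
    }


if __name__ == "__main__":
    # The two suites named in the draft, plus two common reference points.
    for suite in (
        "TLS_PSK_WITH_AES_128_CCM_8",            # mandated by the DICE profile, black-listed by HTTP/2
        "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8",    # mandated by the DICE profile, allowed by HTTP/2
        "TLS_RSA_WITH_AES_128_CBC_SHA",          # neither ephemeral nor AEAD
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", # typical web HTTP/2 suite
    ):
        v = http2_verdict(suite)
        print("%-40s allowed=%-5s %s" % (suite, v["allowed"], v["reason"]))
```

Running the module prints one line per suite; the PSK CCM_8 entry is reported as AEAD but rejected for lacking an ephemeral key exchange, which is exactly the tension the draft flags between the DICE profile and the HTTP/2 black list.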