Re: Time to refresh HTTP/2?

Martin Thomson <mt@lowentropy.net> Tue, 08 September 2020 00:26 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2C11F3A10AC for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 7 Sep 2020 17:26:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.749
X-Spam-Level:
X-Spam-Status: No, score=-2.749 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.249, MAILING_LIST_MULTI=-1, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=lowentropy.net header.b=kCjBYQ8z; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=T/0NuKku
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id J28IpCBmrRSx for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 7 Sep 2020 17:26:46 -0700 (PDT)
Received: from lyra.w3.org (lyra.w3.org [128.30.52.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9FF8B3A10A3 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Mon, 7 Sep 2020 17:26:45 -0700 (PDT)
Received: from lists by lyra.w3.org with local (Exim 4.92) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1kFRQd-0007Cc-VU for ietf-http-wg-dist@listhub.w3.org; Tue, 08 Sep 2020 00:24:08 +0000
Resent-Date: Tue, 08 Sep 2020 00:24:07 +0000
Resent-Message-Id: <E1kFRQd-0007Cc-VU@lyra.w3.org>
Received: from titan.w3.org ([128.30.52.76]) by lyra.w3.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <mt@lowentropy.net>) id 1kFRQc-0007Br-Py for ietf-http-wg@listhub.w3.org; Tue, 08 Sep 2020 00:24:06 +0000
Received: from wout3-smtp.messagingengine.com ([64.147.123.19]) by titan.w3.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <mt@lowentropy.net>) id 1kFRQa-00064m-Eo for ietf-http-wg@w3.org; Tue, 08 Sep 2020 00:24:06 +0000
Received: from compute2.internal (compute2.nyi.internal [10.202.2.42]) by mailout.west.internal (Postfix) with ESMTP id 10FFD90D for <ietf-http-wg@w3.org>; Mon, 7 Sep 2020 20:23:52 -0400 (EDT)
Received: from imap10 ([10.202.2.60]) by compute2.internal (MEProxy); Mon, 07 Sep 2020 20:23:52 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lowentropy.net; h=mime-version:message-id:in-reply-to:references:date:from:to :subject:content-type:content-transfer-encoding; s=fm3; bh=oPQIO srQ3J+gyI4UHLx1OxBFwNATUJDeG5Tynbcw6do=; b=kCjBYQ8zXPLAUC6GSPRVG i6Jytu6Xn5JqL7gAV6CjsT1RcYVrQXaKDCLdryYgaSbo4O65etigfHxyiNCzxMHf sVtidT+MaYy6e4NI/+1VG8LJo7wZKM9srOMsvkPuwZDx9PqTOLZARmVESFMZvOxb bTIyOfLTjPHwlqbO82RV8ilxaTjuWTA3qxCJXcLY5Iih0P9/USjXCCR1pJ/fCdMN 8k7do7OaljC9JhAhBkhfESBVx00h5d8SSiQx84UxrNC+ABG05h1N7yaPc3nV0WvP f5ULhDOtBjcvsyxK0nbInMRgsXNvl19X92iElxBAp5JMetkG2bVSQuPCq4OIvJ/4 Q==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm3; bh=oPQIOsrQ3J+gyI4UHLx1OxBFwNATUJDeG5Tynbcw6 do=; b=T/0NuKkuh0i28Ai1rVp5vIcEaBvFp7zMtYR+enz532UdH5m8CWyZ4RX0p 2SZUPkpuGqTb4anbCRTyU9txyKLPuSga0Kg+i3hZ2HqfkG73S9Uw/BDySdvttZq/ iFW5d1Wgs7ch3hIwSN59lZdIj3p/zontIXjO27+QPTwctpatQfS5g9+uM7D8Szd7 nVTnv7nI+RSif7lJX28e/cke02sLFDATQAP7mgXMovoz/a8Dpc+5C7cbz4ZfzQ8e q+M5xG3IsMmLdoRKd21OPEOx9yZRU4RBVr/myhy4ra6h0uEJqaoh4N37ckvCju4V YT63/QqVumLcxNn4baFHAzFpExk9w==
X-ME-Sender: <xms:F89WX__7GTIrpwPXooMv-6mDv4ou7nRIHgi8cIpGDYV3yDxfKJQvhQ> <xme:F89WX7uBgWZSSRGgC_dnQkFY6WM7Klnwjxc4jklFTUzrbpSXOMPXS8fGADcLZXmrp 91XnuK6_5QSQxNWDVg>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduiedrudehuddgfeduucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefofgggkfgjfhffhffvufgtgfesth hqredtreerjeenucfhrhhomhepfdforghrthhinhcuvfhhohhmshhonhdfuceomhhtsehl ohifvghnthhrohhphidrnhgvtheqnecuggftrfgrthhtvghrnhepjefhffelheevudefje efvddvhfdvieetudehueffudevudeugeelfeffffelvdefnecuffhomhgrihhnpehgihht hhhusgdrtghomhenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfh hrohhmpehmtheslhhofigvnhhtrhhophihrdhnvght
X-ME-Proxy: <xmx:F89WX9CWdrkwr3-H4xAs6O3d3H7wOHa_nwlgzow4Uck-oOZ1xv9B7w> <xmx:F89WX7eCoC8NWDYXofC1UXiiMAxrnKP8YIl4-YJZKJIKzU0ThTUuXA> <xmx:F89WX0PWv-tkiVXvXrTfEsDxLMlTOD_XweQvJRbvASpGL1jTRubdXA> <xmx:F89WX6ZHCPJmcgVKBcE0jdKVz6nb2fzhAIJMwxMhQneTbIXUj5o8Bg>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id 5D9D120108; Mon, 7 Sep 2020 20:23:51 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.3.0-259-g88fbbfa-fm-20200903.003-g88fbbfa3
Mime-Version: 1.0
Message-Id: <7f84c9fe-3e81-44cc-84cb-4838945531c7@www.fastmail.com>
In-Reply-To: <CAKcm_gMtfNF-s4NndcyNUBBhRzMQFmGhm6MX_WC2S=7Eoui10A@mail.gmail.com>
References: <4facac0f-867d-4947-840c-fcd675a09d51@www.fastmail.com> <19ED7610-A661-4E96-B25A-352109DFFFCD@mnot.net> <c0ca4dd7-f943-44ae-9940-a679aa88e878@www.fastmail.com> <CALGR9oaScPCjFjtPKpe7LBCuo=my9uEgV2U=4NWryubX7vMJcA@mail.gmail.com> <CAKcm_gMtfNF-s4NndcyNUBBhRzMQFmGhm6MX_WC2S=7Eoui10A@mail.gmail.com>
Date: Tue, 08 Sep 2020 10:23:27 +1000
From: "Martin Thomson" <mt@lowentropy.net>
To: ietf-http-wg@w3.org
Content-Type: text/plain;charset=utf-8
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass client-ip=64.147.123.19; envelope-from=mt@lowentropy.net; helo=wout3-smtp.messagingengine.com
X-W3C-Hub-Spam-Status: No, score=-9.8
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, W3C_AA=-1, W3C_DB=-1, W3C_IRA=-1, W3C_IRR=-3, W3C_WL=-1
X-W3C-Scan-Sig: titan.w3.org 1kFRQa-00064m-Eo e9729483be5198f513c537657a32cea2
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Time to refresh HTTP/2?
Archived-At: <https://www.w3.org/mid/7f84c9fe-3e81-44cc-84cb-4838945531c7@www.fastmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/38031
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

Thanks, that's a helpful list.

If you feel like adding anything, I'm keeping a list here: https://github.com/martinthomson/http2-spec/issues

On Tue, Sep 8, 2020, at 09:41, Ian Swett wrote:
> I'd support:
> 
> 1) Removing h2c!
> 2) Removing priorities entirely, but not adding anything new
> 3) Adding TLS 1.3
> 4) Adding GREASE, or at least clarifying the text to make it clear that 
> greasing is allowed, since there was some confusion on that.
> 5) Adding security considerations/etc for the Netflix/Purple Wolf 
> attack vectors.
> 
> Hopefully, not much else, besides errata.
> 
> Is the intent to change the ALPN?  Because given the challenges 
> GREASEing SETTINGS and various extension frames, I think that could be 
> helpful. +Bence Béky

I think that none of the above require anything that drastic.  What I would instead suggest is that the specification identify where there are challenges.   That is, it would mention that priorities exist, but explain that using them was not interoperable.  It probably needs to include the format of the frames in order to ensure that implementations know when to generate errors or not in relation to them (there are some MUST-level requirements that the unwitting might trip otherwise), but the semantic descriptions can be cut.