Re: Time to refresh HTTP/2?

Martin Thomson <> Tue, 08 September 2020 00:26 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 2C11F3A10AC for <>; Mon, 7 Sep 2020 17:26:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.749
X-Spam-Status: No, score=-2.749 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.249, MAILING_LIST_MULTI=-1, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key) header.b=kCjBYQ8z; dkim=pass (2048-bit key) header.b=T/0NuKku
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id J28IpCBmrRSx for <>; Mon, 7 Sep 2020 17:26:46 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 9FF8B3A10A3 for <>; Mon, 7 Sep 2020 17:26:45 -0700 (PDT)
Received: from lists by with local (Exim 4.92) (envelope-from <>) id 1kFRQd-0007Cc-VU for; Tue, 08 Sep 2020 00:24:08 +0000
Resent-Date: Tue, 08 Sep 2020 00:24:07 +0000
Resent-Message-Id: <>
Received: from ([]) by with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <>) id 1kFRQc-0007Br-Py for; Tue, 08 Sep 2020 00:24:06 +0000
Received: from ([]) by with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <>) id 1kFRQa-00064m-Eo for; Tue, 08 Sep 2020 00:24:06 +0000
Received: from compute2.internal (compute2.nyi.internal []) by mailout.west.internal (Postfix) with ESMTP id 10FFD90D for <>; Mon, 7 Sep 2020 20:23:52 -0400 (EDT)
Received: from imap10 ([]) by compute2.internal (MEProxy); Mon, 07 Sep 2020 20:23:52 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; h=mime-version:message-id:in-reply-to:references:date:from:to :subject:content-type:content-transfer-encoding; s=fm3; bh=oPQIO srQ3J+gyI4UHLx1OxBFwNATUJDeG5Tynbcw6do=; b=kCjBYQ8zXPLAUC6GSPRVG i6Jytu6Xn5JqL7gAV6CjsT1RcYVrQXaKDCLdryYgaSbo4O65etigfHxyiNCzxMHf sVtidT+MaYy6e4NI/+1VG8LJo7wZKM9srOMsvkPuwZDx9PqTOLZARmVESFMZvOxb bTIyOfLTjPHwlqbO82RV8ilxaTjuWTA3qxCJXcLY5Iih0P9/USjXCCR1pJ/fCdMN 8k7do7OaljC9JhAhBkhfESBVx00h5d8SSiQx84UxrNC+ABG05h1N7yaPc3nV0WvP f5ULhDOtBjcvsyxK0nbInMRgsXNvl19X92iElxBAp5JMetkG2bVSQuPCq4OIvJ/4 Q==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=; h=content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm3; bh=oPQIOsrQ3J+gyI4UHLx1OxBFwNATUJDeG5Tynbcw6 do=; b=T/0NuKkuh0i28Ai1rVp5vIcEaBvFp7zMtYR+enz532UdH5m8CWyZ4RX0p 2SZUPkpuGqTb4anbCRTyU9txyKLPuSga0Kg+i3hZ2HqfkG73S9Uw/BDySdvttZq/ iFW5d1Wgs7ch3hIwSN59lZdIj3p/zontIXjO27+QPTwctpatQfS5g9+uM7D8Szd7 nVTnv7nI+RSif7lJX28e/cke02sLFDATQAP7mgXMovoz/a8Dpc+5C7cbz4ZfzQ8e q+M5xG3IsMmLdoRKd21OPEOx9yZRU4RBVr/myhy4ra6h0uEJqaoh4N37ckvCju4V YT63/QqVumLcxNn4baFHAzFpExk9w==
X-ME-Sender: <xms:F89WX__7GTIrpwPXooMv-6mDv4ou7nRIHgi8cIpGDYV3yDxfKJQvhQ> <xme:F89WX7uBgWZSSRGgC_dnQkFY6WM7Klnwjxc4jklFTUzrbpSXOMPXS8fGADcLZXmrp 91XnuK6_5QSQxNWDVg>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduiedrudehuddgfeduucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefofgggkfgjfhffhffvufgtgfesth hqredtreerjeenucfhrhhomhepfdforghrthhinhcuvfhhohhmshhonhdfuceomhhtsehl ohifvghnthhrohhphidrnhgvtheqnecuggftrfgrthhtvghrnhepjefhffelheevudefje efvddvhfdvieetudehueffudevudeugeelfeffffelvdefnecuffhomhgrihhnpehgihht hhhusgdrtghomhenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfh hrohhmpehmtheslhhofigvnhhtrhhophihrdhnvght
X-ME-Proxy: <xmx:F89WX9CWdrkwr3-H4xAs6O3d3H7wOHa_nwlgzow4Uck-oOZ1xv9B7w> <xmx:F89WX7eCoC8NWDYXofC1UXiiMAxrnKP8YIl4-YJZKJIKzU0ThTUuXA> <xmx:F89WX0PWv-tkiVXvXrTfEsDxLMlTOD_XweQvJRbvASpGL1jTRubdXA> <xmx:F89WX6ZHCPJmcgVKBcE0jdKVz6nb2fzhAIJMwxMhQneTbIXUj5o8Bg>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id 5D9D120108; Mon, 7 Sep 2020 20:23:51 -0400 (EDT)
X-Mailer: Webmail Interface
User-Agent: Cyrus-JMAP/3.3.0-259-g88fbbfa-fm-20200903.003-g88fbbfa3
Mime-Version: 1.0
Message-Id: <>
In-Reply-To: <>
References: <> <> <> <> <>
Date: Tue, 08 Sep 2020 10:23:27 +1000
From: "Martin Thomson" <>
Content-Type: text/plain;charset=utf-8
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass client-ip=;;
X-W3C-Hub-Spam-Status: No, score=-9.8
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, W3C_AA=-1, W3C_DB=-1, W3C_IRA=-1, W3C_IRR=-3, W3C_WL=-1
X-W3C-Scan-Sig: 1kFRQa-00064m-Eo e9729483be5198f513c537657a32cea2
Subject: Re: Time to refresh HTTP/2?
Archived-At: <>
X-Mailing-List: <> archive/latest/38031
Precedence: list
List-Id: <>
List-Help: <>
List-Post: <>
List-Unsubscribe: <>

Thanks, that's a helpful list.

If you feel like adding anything, I'm keeping a list here:

On Tue, Sep 8, 2020, at 09:41, Ian Swett wrote:
> I'd support:
> 1) Removing h2c!
> 2) Removing priorities entirely, but not adding anything new
> 3) Adding TLS 1.3
> 4) Adding GREASE, or at least clarifying the text to make it clear that 
> greasing is allowed, since there was some confusion on that.
> 5) Adding security considerations/etc for the Netflix/Purple Wolf 
> attack vectors.
> Hopefully, not much else, besides errata.
> Is the intent to change the ALPN?  Because given the challenges 
> GREASEing SETTINGS and various extension frames, I think that could be 
> helpful. +Bence Béky

I think that none of the above require anything that drastic.  What I would instead suggest is that the specification identify where there are challenges.   That is, it would mention that priorities exist, but explain that using them was not interoperable.  It probably needs to include the format of the frames in order to ensure that implementations know when to generate errors or not in relation to them (there are some MUST-level requirements that the unwitting might trip otherwise), but the semantic descriptions can be cut.