Re: Working Group Last Call: draft-ietf-httpbis-http2-tls13-00

"Martin Thomson" <mt@lowentropy.net> Thu, 05 September 2019 03:51 UTC

Message-Id: <9cadc50c-4e5a-434b-90a2-dbcb71720567@www.fastmail.com>
In-Reply-To: <36F559DD-7E4D-47FE-ADBF-423D09FE5AA9@mnot.net>
References: <36F559DD-7E4D-47FE-ADBF-423D09FE5AA9@mnot.net>
Date: Thu, 05 Sep 2019 13:48:13 +1000
From: Martin Thomson <mt@lowentropy.net>
To: ietf-http-wg@w3.org
Subject: Re: Working Group Last Call: draft-ietf-httpbis-http2-tls13-00
Archived-At: <https://www.w3.org/mid/9cadc50c-4e5a-434b-90a2-dbcb71720567@www.fastmail.com>
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/37003
List-Id: <ietf-http-wg.w3.org>

LGTM.  With a possible suggestion.

Having just re-reviewed this concise and well-written document, and in tripping over the KeyUpdate piece, I think that we should have more general language about post-handshake messaging in TLS.  Anything that is strictly TLS-specific shouldn't be prohibited by this, but it somewhat implies that.  For instance, the heartbeat extension should be permitted.

Maybe replace the language about KeyUpdate and instead say something like:

```
4.  Other Post-Handshake TLS Messages in HTTP/2

   Section 9.2.1 of [RFC7540] does not extend to TLS 1.3 messages that are exchanged after the handshake is complete.  This includes KeyUpdate messages, which only affect TLS itself and do not require any interaction with the application protocol.  HTTP/2 implementations MUST support key updates when TLS 1.3 is negotiated.

   Unless the use of a new type of TLS message depends on an interaction with the application layer protocol, that TLS message can be sent after the handshake completes.

   NewSessionTicket messages are explicitly permitted.  Though these interact with HTTP when early data is enabled, these interactions are well defined in RFC 8470 and allowed for in the design of HTTP/2.
```

I realize that this is a change, but I want to ensure that the TLS working group doesn't have to come back and update this document if they decide to add some messaging that only affects the operation of TLS.

Cheers,
Martin

On Thu, Sep 5, 2019, at 13:15, Mark Nottingham wrote:
> David indicates that he thinks we're ready for WGLC on this document:
> 
>  https://tools.ietf.org/html/draft-ietf-httpbis-http2-tls13-00
> 
> Please have a look through and bring up any issues here or on the 
> issues list, and please indicate support (or lack thereof) for 
> advancement on the mailing list. If you are implementing or intend to 
> implement the specification, that would be useful information for us.
> 
> WGLC will end on 19 September.
> 
> Cheers,
> 
> --
> Mark Nottingham   https://www.mnot.net/
> 
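As an added illustration of the distinction the proposed text draws (this is my own example, not text from the draft, from RFC 8446, or from Martin's message), the following Python parses the two post-handshake messages the proposed section names and reports which one carries anything the HTTP/2 layer must act on. A KeyUpdate has a single request_update byte and nothing for HTTP; a NewSessionTicket may carry an early_data extension whose max_early_data_size is exactly the value an HTTP client needs when it sends 0-RTT requests under RFC 8470. Message layouts follow RFC 8446 section 4.6; the sample bytes are constructed, not captured from any server, and the function and constant names are my own. Heartbeat is a separate record content type rather than a handshake message, so it is outside what this parser looks at.

```python
"""Parse and classify TLS 1.3 post-handshake messages (RFC 8446 section 4.6).

KeyUpdate is TLS-internal and carries nothing for the application protocol.
NewSessionTicket can carry an early_data extension whose max_early_data_size
is what the HTTP layer needs when 0-RTT (RFC 8470) is in use.
"""
from dataclasses import dataclass
from typing import Optional, Tuple

# HandshakeType values from RFC 8446 section 4
HT_NEW_SESSION_TICKET = 4
HT_KEY_UPDATE = 24
# ExtensionType early_data from RFC 8446 section 4.2
EXT_EARLY_DATA = 42
# Largest ticket_lifetime a server may send (RFC 8446 section 4.6.1)
MAX_TICKET_LIFETIME = 604800


class TlsParseError(ValueError):
    """Malformed input; a real stack would send an alert here."""


@dataclass
class NewSessionTicket:
    lifetime: int
    age_add: int
    nonce: bytes
    ticket: bytes
    max_early_data_size: Optional[int]  # None when no early_data extension


def split_handshake(buf: bytes) -> Tuple[int, bytes, bytes]:
    """Return (msg_type, body, rest) for the first Handshake message in buf."""
    if len(buf) < 4:
        raise TlsParseError("short Handshake header")
    msg_type = buf[0]
    length = int.from_bytes(buf[1:4], "big")
    body, rest = buf[4:4 + length], buf[4 + length:]
    if len(body) != length:
        raise TlsParseError("truncated Handshake body")
    return msg_type, body, rest


def parse_key_update(body: bytes) -> bool:
    """Return True when the peer also asks us to update our own sending keys."""
    if len(body) != 1 or body[0] not in (0, 1):
        # RFC 8446 4.6.3: any other request_update value is illegal_parameter
        raise TlsParseError("illegal KeyUpdate.request_update")
    return body[0] == 1


def parse_new_session_ticket(body: bytes) -> NewSessionTicket:
    """Parse NewSessionTicket and pull out max_early_data_size if present."""
    pos = 0

    def take(n: int) -> bytes:
        nonlocal pos
        if pos + n > len(body):
            raise TlsParseError("truncated NewSessionTicket")
        chunk = body[pos:pos + n]
        pos += n
        return chunk

    lifetime = int.from_bytes(take(4), "big")
    if lifetime > MAX_TICKET_LIFETIME:
        raise TlsParseError("ticket_lifetime exceeds 604800 seconds")
    age_add = int.from_bytes(take(4), "big")
    nonce = take(take(1)[0])                      # opaque ticket_nonce<0..255>
    ticket_len = int.from_bytes(take(2), "big")   # opaque ticket<1..2^16-1>
    if ticket_len == 0:
        raise TlsParseError("empty ticket")
    ticket = take(ticket_len)
    ext_end = pos + 2 + int.from_bytes(take(2), "big")
    max_early = None
    while pos < ext_end:
        ext_type = int.from_bytes(take(2), "big")
        ext_data = take(int.from_bytes(take(2), "big"))
        if ext_type == EXT_EARLY_DATA:
            if len(ext_data) != 4:
                raise TlsParseError("bad early_data extension length")
            max_early = int.from_bytes(ext_data, "big")
    if pos != ext_end or pos != len(body):
        raise TlsParseError("length mismatch in NewSessionTicket extensions")
    return NewSessionTicket(lifetime, age_add, nonce, ticket, max_early)


def classify(buf: bytes) -> dict:
    """Say whether a post-handshake message needs the HTTP layer's attention."""
    msg_type, body, _rest = split_handshake(buf)
    if msg_type == HT_KEY_UPDATE:
        return {"msg": "KeyUpdate", "app_interaction": False,
                "reply_required": parse_key_update(body)}
    if msg_type == HT_NEW_SESSION_TICKET:
        nst = parse_new_session_ticket(body)
        return {"msg": "NewSessionTicket",
                "app_interaction": nst.max_early_data_size is not None,
                "max_early_data_size": nst.max_early_data_size}
    # Any other handshake type after the handshake is unexpected_message territory
    return {"msg": f"type {msg_type}", "app_interaction": None, "reject": True}


# Constructed sample messages (not captured from any real server)
KEY_UPDATE_REQUESTED = bytes.fromhex("18000001" "01")
NEW_SESSION_TICKET_0RTT = bytes.fromhex(
    "0400001a"                      # NewSessionTicket, 26-byte body
    "00001c20"                      # ticket_lifetime = 7200 s
    "deadbeef"                      # ticket_age_add
    "0100"                          # ticket_nonce = 0x00
    "00047469636b"                  # ticket = b"tick"
    "0008" "002a0004" "00004000"    # extensions: early_data, max 16384 bytes
)
NEW_SESSION_TICKET_PLAIN = bytes.fromhex(
    "0400000e" "00000000" "00000000" "00" "000141" "0000"  # no extensions
)

if __name__ == "__main__":
    for sample in (KEY_UPDATE_REQUESTED, NEW_SESSION_TICKET_0RTT,
                   NEW_SESSION_TICKET_PLAIN):
        print(classify(sample))
```

Run against an HTTP/2 client's TLS stack, the useful check is the NewSessionTicket branch: a client that ignores max_early_data_size will either never send 0-RTT or will overrun the server's budget, and a server stack that refuses a KeyUpdate mid-stream violates the MUST in the proposed text.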