IETF Logo Mail Archive

Re: 0-RTT Design for HTTP/2

David Schinazi <dschinazi.ietf@gmail.com> Thu, 17 December 2020 17:56 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D32D53A0E65 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Thu, 17 Dec 2020 09:56:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.747
X-Spam-Level:
X-Spam-Status: No, score=-2.747 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ES_9Rp0FLlUN for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Thu, 17 Dec 2020 09:56:25 -0800 (PST)
Received: from lyra.w3.org (lyra.w3.org [128.30.52.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 95E733A0E54 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Thu, 17 Dec 2020 09:56:25 -0800 (PST)
Received: from lists by lyra.w3.org with local (Exim 4.92) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1kpxSc-0006Da-Kk for ietf-http-wg-dist@listhub.w3.org; Thu, 17 Dec 2020 17:53:06 +0000
Resent-Date: Thu, 17 Dec 2020 17:53:06 +0000
Resent-Message-Id: <E1kpxSc-0006Da-Kk@lyra.w3.org>
Received: from mimas.w3.org ([128.30.52.79]) by lyra.w3.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <dschinazi.ietf@gmail.com>) id 1kpxSa-0006Co-65 for ietf-http-wg@listhub.w3.org; Thu, 17 Dec 2020 17:53:04 +0000
Received: from mail-pg1-x530.google.com ([2607:f8b0:4864:20::530]) by mimas.w3.org with esmtps (TLS1.3:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.92) (envelope-from <dschinazi.ietf@gmail.com>) id 1kpxSY-0001r6-5H for ietf-http-wg@w3.org; Thu, 17 Dec 2020 17:53:03 +0000
Received: by mail-pg1-x530.google.com with SMTP id w16so20814890pga.9 for <ietf-http-wg@w3.org>; Thu, 17 Dec 2020 09:53:01 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Sf6I0ETz3MkhGubspUO0Ctm38tDi+MCxHM+Pl13FoPU=; b=uYHKjXWANogSQ0LSQwfvaqRIdhqij3sz2h+XutwIWXyY1IfUsDJC1I50S/5dajtVYe iZJfY//g+rhsBcoOgtbR5NI4TauE+Dntg1mQEGU8WfenKncnbpYO9gYaVEICXfBVFRtZ qg+RWxTyeMndZmhbM0KvTlONJ3dEVtevcX9LEj9ZB9T3XLx15yhVwdfYDTVK3Gvuvv0S 5gMYYVnjCLQkK2n6i1MwGrNDmLipIzBAgRAHY+2Xr1FpuORPwVYQHCQLXGDp94tNb1im 39X4uTPaiLCunSWewEUEkN0q9VHsBO/byGsOf0FK8GUbZ3PQq1zwZ9fQPKwH1umCngHh 2rcg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Sf6I0ETz3MkhGubspUO0Ctm38tDi+MCxHM+Pl13FoPU=; b=SaBmGgODlyxGRJ2OlaJAxHulvuTrJ7QZPdJK6+abdp8MyqyFeREFVGjRBe3sjqTzFj GMkMQsAl3ISL7l4AJ/sx1q8QQRcpMxga9/7G7m5m7pw5/aFwVgHo09b/1CPBgieIKw+8 70sZnbtdkAyzGvyGJZW7jplouhqbSAeJT7KcyV5Cs4fYhlkSs+JeKmLR7nfv8Ms4BL1X 9uD4xJpdkJcxekMzEv62fgXpiqH8ScjvErBRdsN+sDTgMw2c3xGOpDmGdiqFZuMzrQxI KmM24+EJOnKFZoUdU0nrFEzuheKgOoDuH31macfiGVGvZGGIkHFkkECLP5OGrKWg/vwh CUpg==
X-Gm-Message-State: AOAM533Et4PbntxDtkiFCoPPqzMf+086QgsoifCrI5bWXRxLoEGJ+1lM ph4m0NwxtRgh1Iir4QVn4ScekjBCoxexVRldo1UWn2vNtAU=
X-Google-Smtp-Source: ABdhPJzisaW6IFBufITRvADYItIIZkr/yrBP27LNCqMBIX27kLCFHgJ10grjRTT8FFVYxIe7YQaKCFDi+9ORnrtDSXA=
X-Received: by 2002:a62:c504:0:b029:1a5:b198:18dc with SMTP id j4-20020a62c5040000b02901a5b19818dcmr381224pfg.79.1608227569110; Thu, 17 Dec 2020 09:52:49 -0800 (PST)
MIME-Version: 1.0
References: <126ee381-7828-451f-865a-db6357928243@www.fastmail.com> <CAH_hAJEmDzfsQQ_V9vpFkGAZcXHtfKzfSDM0r6WJERb6y0_qMA@mail.gmail.com> <CAKcm_gP=2uix9wd_uOw9JgR2OeobNPAdR4s7Sp=r6CEUEng58g@mail.gmail.com> <CAPDSy+55brsH9c_RkvmjzFX6CmKu10go2_G-w2Ub=iO2LZjpbQ@mail.gmail.com> <0adce792-13b3-4e87-a31e-6d3bc4cd5367@www.fastmail.com>
In-Reply-To: <0adce792-13b3-4e87-a31e-6d3bc4cd5367@www.fastmail.com>
From: David Schinazi <dschinazi.ietf@gmail.com>
Date: Thu, 17 Dec 2020 18:52:37 +0100
Message-ID: <CAPDSy+679vPFKaHAuYWqV+bd6tmYLARboiSQS3hVYo6SV2USPw@mail.gmail.com>
To: Martin Thomson <mt@lowentropy.net>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Content-Type: multipart/alternative; boundary="000000000000f9934805b6aca8e9"
Received-SPF: pass client-ip=2607:f8b0:4864:20::530; envelope-from=dschinazi.ietf@gmail.com; helo=mail-pg1-x530.google.com
X-W3C-Hub-Spam-Status: No, score=-6.1
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, W3C_AA=-1, W3C_DB=-1, W3C_IRA=-1, W3C_WL=-1
X-W3C-Scan-Sig: mimas.w3.org 1kpxSY-0001r6-5H a219cb0eb3e92664ad5288af3405b900
X-Original-To: ietf-http-wg@w3.org
Subject: Re: 0-RTT Design for HTTP/2
Archived-At: <https://www.w3.org/mid/CAPDSy+679vPFKaHAuYWqV+bd6tmYLARboiSQS3hVYo6SV2USPw@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/38316
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

Hi Martin,

Could you please elaborate on your statement "My view is that we can't
really deploy ALPS in an incremental fashion for HTTP/2.  Part of what I'm
looking for here is an incremental solution."? I'm not seeing what makes
your proposal more incremental than ALPS, so perhaps I'm missing something
here.

David

On Thu, Dec 17, 2020 at 2:46 AM Martin Thomson <mt@lowentropy.net> wrote:

> Mega-reply...
>
> On Wed, Dec 16, 2020, at 21:33, Cory Benfield wrote:
> > I am somewhat nervous here about how many servers will implement this.
> >
> > Typical OSS server implementations have a somewhat arms-length
> > relationship with their TLS stack. This tends to mean they don't
> > actually know exactly when new session ticket messages were sent.
> > While this is not a hard limitation (OpenSSL has the requisite
> > functions) it's the kind of barrier to entry that could be quite
> > awkward. This may also lead to limitations in how many HTTP/2 stacks
> > go through the effort of implementing the extension.
>
> So there is a lot of text here, but it is very easy to implement the
> server side of this if you don't change settings often.  Just set the value
> to 1 in the preface and remember those values.  Confirm that the TLS stack
> isn't spitting out session tickets except during the handshake (which is
> the only place they appear in TLS 1.2) and you are good.
>
> There is a risk with TLS 1.3 that sending session tickets might take some
> time.  This depends on things like ticket requests with large numbers and
> how the stack schedules those relative to application data.  Basically, you
> need to ensure that you delay any changes to settings (changes you might
> not be able to synchronize with ticket issuance properly) until you are
> reasonable sure that tickets aren't being sent.
>
> BTW, I like how NSS manages this, and not just because it's my code :).
> NSS makes it the responsibility of the application to send extra tickets
> [1].  It might send one, but that is sent ahead of any responses you might
> generate.
>
> Short story: I believe that it is easy to implement this with TLS 1.2; TLS
> 1.3 might take a little care.
>
> [1]
> https://searchfox.org/nss/rev/51b18ad6c1e627ada90028df9062f7200f7cec94/lib/ssl/sslexp.h#245-264
> (I really need to promote that one from experimental some time.)
>
> On Wed, Dec 16, 2020, at 23:34, David Schinazi wrote:
> > If there's energy in the community to improve HTTP/2 SETTINGS,
> > I would personally prefer to direct that energy at also solving the
> > "not having SETTINGS when sending the first request" problem.
> > Once potential solution is ALPS [1]. Would it make sense to join
> > these two efforts to ensure we fix SETTINGS for good?
>
> I'm glad you raise ALPS David.  My view is that we can't really deploy
> ALPS in an incremental fashion for HTTP/2.  Part of what I'm looking for
> here is an incremental solution.
>
> I do see the possibility of just trying ALPS when it is available.
> However, I think that is enough of a different protocol that it requires a
> new ALPN to go along with it.
>
> I've watched the discussion regarding the possibility of defining a new
> ALPN for HTTP/2 and my sense is that there isn't overwhelming support for
> the idea.  If we had that support, then it might be good to try to fix ALPS
> into the design of a new protocol, but that isn't how things appear to be
> going.
>
> On Wed, Dec 16, 2020 at 4:31 AM Ian Swett <ianswett@google.com> wrote:
> > Before we get to that, one Q on deployability: Does the working group
> think enough of the ecosystem can handle this new EARLY_DATA_SETTINGS
> setting?  If no one sends it, even if they support the functionality, it
> sort of defeats the purpose.
>
> Good question and worth answering before considering this.  I think that
> the work Bence has done here shows that there is some hope of success on
> this front.  That goes back to the "new ALPN" question.  I'm reading a
> pretty strong desire to fix "h2" rather than give up on it, but I'm sure
> that everyone is open to conceding that the bustage cost is too high if
> that is where things stand.
>
>

v2.23.0 | Report a Bug | By Email