Measurement of H2 ORIGIN Frames, revisiting CERTIFICATE Frames?

Sudheesh Singanamalla <sudheesh@cs.washington.edu> Mon, 26 September 2022 13:05 UTC

From: Sudheesh Singanamalla <sudheesh@cs.washington.edu>
Date: Mon, 26 Sep 2022 11:26:12 +0100
Message-ID: <CADyOdHsC-dbDJ8GUnxGF8G55eEg=wi7PruYbnTcNNU3cH4j8Og@mail.gmail.com>
To: ietf-http-wg@w3.org
Cc: Marwan Fayed <marwan@cloudflare.com>, Jonathan Hoyland <jhoyland@cloudflare.com>, Kurtis Heimerl <kheimerl@cs.washington.edu>, Chris Wood <chriswood@cloudflare.com>, suleman@cloudflare.com
Subject: Measurement of H2 ORIGIN Frames, revisiting CERTIFICATE Frames?
Archived-At: <https://www.w3.org/mid/CADyOdHsC-dbDJ8GUnxGF8G55eEg=wi7PruYbnTcNNU3cH4j8Og@mail.gmail.com>

Hello everyone,

I would like to share some work from Cloudflare that may help inform ORIGIN
Frame (and by extension, CERTIFICATE Frame) and, if there is interest, also
present at the upcoming IETF 115.

Cloudflare has been experimenting with H2 ORIGIN Frames
<https://httpwg.org/specs/rfc8336.html> and recently published findings,
experience, and insights in a paper to appear at the upcoming ACM Internet
Measurement Conference <https://conferences.sigcomm.org/imc/2022/>. Here's
a link to the preprint of the paper
<https://files.research.cloudflare.com/publication/Singanamalla2022.pdf> in
case you're all interested.

Overall, the key observations from our work are:
1. Large-scale measurements indicate the current ecosystem has lots of
opportunity to coalesce connections with ORIGIN, with only small (1 to 5)
additions to certificate SANs.
2. The immediate motivation to support ORIGIN frames should be privacy,
followed by opening opportunities for resource scheduling at the endpoints
(e.g. prioritizations and early hints) that is not violated by competing
connections for those resources.
3. Perhaps counter-intuitive, performance should not be assumed to improve
but results suggest no worse is appropriate. Servers, of course, may
benefit from fewer sockets and connection state.
4. Non-compliant network stacks do exist in the wild which might not drop
unknown frames and result in tear-down of the connections.

All told, we feel these results might bring attention to ORIGIN in H3
<https://httpwg.org/http-extensions/draft-ietf-httpbis-origin-h3.html>, and
maybe, too, revisit the CERTIFICATE frames
<https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-http2-secondary-certs-06>
draft.

Thanks,
Sudheesh
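
Added example (not part of the original message or the paper): a Python sketch of the client side of observations 1 and 4, parsing an ORIGIN frame with the RFC 8336 layout, ignoring frame types it does not know instead of tearing the connection down, and keeping only advertised origins that the connection's certificate SANs cover. Host names, SAN values, the helper names and the choice to raise on a malformed entry are assumptions of this example; the SAN match is a simplified hostname comparison, not full certificate validation.

```python
ORIGIN = 0x0C  # ORIGIN frame type (RFC 8336)

def build_origin_frame(origins, ftype=ORIGIN, stream_id=0):
    """Serialize a 9-byte HTTP/2 frame header plus Origin-Entry list."""
    payload = b"".join(len(o).to_bytes(2, "big") + o.encode("ascii") for o in origins)
    return (len(payload).to_bytes(3, "big") + bytes([ftype, 0])
            + stream_id.to_bytes(4, "big") + payload)

def parse_origin_frame(frame):
    """Return advertised origins, or None when the frame must be ignored."""
    if len(frame) < 9:
        raise ValueError("truncated frame header")
    length, ftype = int.from_bytes(frame[0:3], "big"), frame[3]
    stream_id = int.from_bytes(frame[5:9], "big") & 0x7FFFFFFF
    payload = frame[9:9 + length]
    if len(payload) != length:
        raise ValueError("truncated frame payload")
    # Unknown frame types, and ORIGIN on a stream other than 0, are
    # ignored rather than treated as a connection error.
    if ftype != ORIGIN or stream_id != 0:
        return None
    origins, pos = [], 0
    while pos < length:
        end = pos + 2 + int.from_bytes(payload[pos:pos + 2], "big")
        if length - pos < 2 or end > length:
            raise ValueError("Origin-Entry overruns frame")  # example's choice
        origins.append(payload[pos + 2:end].decode("ascii"))
        pos = end
    return origins

def san_matches(host, san):
    """Exact match, or a wildcard covering exactly one left-most label."""
    host, san = host.lower(), san.lower()
    if san.startswith("*."):
        return "." in host and host.split(".", 1)[1] == san[2:]
    return host == san

def coalescable(origins, cert_sans):
    """Origins from the frame that the presented certificate also covers."""
    usable = []
    for origin in origins:
        scheme, _, authority = origin.partition("://")
        host = authority.rsplit(":", 1)[0] if ":" in authority else authority
        if scheme == "https" and any(san_matches(host, s) for s in cert_sans):
            usable.append(origin)
    return usable

if __name__ == "__main__":  # constructed sample data
    adv = ["https://example.com", "https://cdn.example.net"]
    print(coalescable(parse_origin_frame(build_origin_frame(adv)), ["example.com"]))
```

An origin that appears in the frame but not in the certificate SANs is dropped here, which is why small SAN additions are what unlock coalescing.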