Re: Question regarding HTTP/2, SNI, and IP addresses

Ilari Liusvaara <ilariliusvaara@welho.com> Wed, 23 June 2021 08:56 UTC

Date: Wed, 23 Jun 2021 11:54:28 +0300
From: Ilari Liusvaara <ilariliusvaara@welho.com>
To: ietf-http-wg@w3.org
Message-ID: <YNL2xA/lQdIHdVTn@LK-Perkele-VII2.locald>
References: <HE1PR0701MB30500174B18EDB6C2704D15B890D9@HE1PR0701MB3050.eurprd07.prod.outlook.com> <bc78d96e-d4dd-4a89-8937-165a2c9f86fa@www.fastmail.com> <20210623083046.GA558@nic.fr>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
In-Reply-To: <20210623083046.GA558@nic.fr>
Sender: ilariliusvaara@welho.com
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Question regarding HTTP/2, SNI, and IP addresses
Archived-At: <https://www.w3.org/mid/YNL2xA/lQdIHdVTn@LK-Perkele-VII2.locald>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/38937
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

On Wed, Jun 23, 2021 at 10:30:46AM +0200, Stephane Bortzmeyer wrote:
> On Tue, Jun 22, 2021 at 10:55:08AM +1000,
>  Martin Thomson <mt@lowentropy.net> wrote 
>  a message of 20 lines which said:
> 
> > > The TLS implementation MUST support the Server Name Indication
> > > (SNI) [TLS-EXT] extension to TLS. If the server is identified
> > > by a domain name [DNS-TERMS], clients MUST send the server_name
> > > TLS extension unless an alternative mechanism to indicate the
> > > target host is used.
> > 
> > -- https://httpwg.org/http2-spec/draft-ietf-httpbis-http2bis.html#section-9.2-2
> > 
> > Is that clearer?  There is also similar updates to the HTTP core
> > documents.
> > 
> > The intent was never to prohibit the use of IP addresses as
> > authority.
> 
> What are the possible "alternative mechanisms"?
 
I am not aware of any such mechanism in TLS (since this is HTTP/2,
QUIC is not relevant). I presume that the primary intent of that
language was to cover ESNI (which would have used its own extension
for SNI). However, ESNI was superseded by ECH (also known as ECHO),
which still uses server_name for application-visible transport-level
SNI. Secondarily, such language would be useful if someone ever wants
to transport HTTP/2 on top of something other than TLS.


-Ilari
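An added example, not from the thread, that puts the quoted rule into code: given an HTTP/2 :authority, a client sends server_name when the server is identified by a domain name and omits it for an IP literal (RFC 6066 section 3 forbids address literals in HostName), and the server_name extension is encoded as on the wire. All helper names here are this example's own assumptions.

```python
# Added example (not from the thread): derive the TLS server_name an HTTP/2
# client should send for an :authority. Domain names go into SNI; RFC 6066 s.3
# forbids IPv4/IPv6 literals there. Helper names are this example's own.
import ipaddress
import struct
from typing import Optional, Tuple


def split_authority(authority: str) -> Tuple[str, Optional[int]]:
    """Split 'host[:port]' into (host, port); IPv6 literals are bracketed."""
    if authority.startswith("["):
        end = authority.index("]")
        host, rest = authority[1:end], authority[end + 1:]
    else:
        host, sep, port_text = authority.partition(":")
        rest = sep + port_text
    port = int(rest[1:]) if rest.startswith(":") else None
    return host, port

def sni_name_for(authority: str) -> Optional[str]:
    """HostName for server_name, or None when the host is an IP literal."""
    host, _ = split_authority(authority)
    try:
        ipaddress.ip_address(host)
        return None                      # literal address: no server_name at all
    except ValueError:
        pass
    # RFC 6066: HostName is an ASCII (A-label) name without a trailing dot.
    return host.rstrip(".").encode("idna").decode("ascii").lower()

def server_name_extension(hostname: str) -> bytes:
    """Encode the server_name extension (RFC 6066 s.3) for one host_name."""
    name = hostname.encode("ascii")
    entry = struct.pack("!BH", 0, len(name)) + name           # name_type 0 = host_name
    name_list = struct.pack("!H", len(entry)) + entry         # ServerNameList
    return struct.pack("!HH", 0, len(name_list)) + name_list  # extension_type 0

def client_hello_plan(authority: str) -> dict:
    """Where the client connects, what it sends as SNI, and what it verifies."""
    host, port = split_authority(authority)
    sni = sni_name_for(authority)
    return {
        "connect_host": host,
        "port": port or 443,
        "server_name": sni,                                   # None: omit extension
        "sni_extension": server_name_extension(sni) if sni else b"",
        "verify": ("ip_san", host) if sni is None else ("dns_san", sni),
    }
```

Python's own ssl module applies the same split since 3.7: a server_hostname that is an IP literal is used to check the certificate's iPAddress SAN but is not sent as SNI.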