Re: Proposal for Creating Reverse Tunnels, for HTTP and TCP (Fwd: New Version Notification for draft-kazuho-httpbis-reverse-tunnel-00.txt)
Ben Schwartz <bemasc@meta.com> Mon, 26 February 2024 15:41 UTC
Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=ietf.org@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 34049C151524 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 26 Feb 2024 07:41:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.844
X-Spam-Level:
X-Spam-Status: No, score=-7.844 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=w3.org header.b="PT1VknHm"; dkim=pass (2048-bit key) header.d=w3.org header.b="dwc89xw/"; dkim=pass (2048-bit key) header.d=meta.com header.b="lsen59sH"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id edkXQdDi2XsS for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 26 Feb 2024 07:41:26 -0800 (PST)
Received: from lyra.w3.org (lyra.w3.org [128.30.52.18]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DD28FC151091 for <httpbisa-archive-bis2Juki@ietf.org>; Mon, 26 Feb 2024 07:41:25 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=w3.org; s=s1; h=Subject:MIME-Version:Content-Type:In-Reply-To:References:Message-ID: Date:To:From:Cc:Reply-To; bh=oeI6ZX4Qo4HgPCsWJe4PkuRbDIDBcifjye+C/8/rsk0=; b= PT1VknHmA6dyDQjOyT+NvgDbnIoifScY4i5MRSJP7bBgfcqe+yfvx1VlaG7EaPWZvlDAkla8x/f4X rTDAhkYis/km93RSKdGpSVt/B+qhj+4ZDx9yv5kaNl6Eq0pYguGSBg0lEZAvPAzdoA+/V5jk9W1qX QTmd7x3fVbqrOokI+HRd78R1BiAG7YNpeetEu7WWmzN+M2xZNMANpT/68twIWGPhL+aJ5+AGbC+Ht lv0FBOoySdsKYvU3/nn8kGG+R0BmWCCnbnd1q/B9EkcUr1hXDIanhEF9D4oz95Hhm1wlnmOhcWCfC /dDsTb8seIlwfUe45tc/k3QTpOKmOIp85Q==;
Received: from lists by lyra.w3.org with local (Exim 4.94.2) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1red6K-00H2vv-U1 for ietf-http-wg-dist@listhub.w3.org; Mon, 26 Feb 2024 15:41:08 +0000
Resent-Date: Mon, 26 Feb 2024 15:41:08 +0000
Resent-Message-Id: <E1red6K-00H2vv-U1@lyra.w3.org>
Received: from puck.w3.org ([34.196.82.207]) by lyra.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <prvs=77865ec1e6=bemasc@meta.com>) id 1red6I-00H2uc-AW for ietf-http-wg@listhub.w3.org; Mon, 26 Feb 2024 15:41:06 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=w3.org; s=s1; h=MIME-Version:Content-Type:In-Reply-To:References:Message-ID:Date: Subject:To:From:Cc:Reply-To; bh=oeI6ZX4Qo4HgPCsWJe4PkuRbDIDBcifjye+C/8/rsk0=; t=1708962066; x=1709826066; b=dwc89xw/QFqxHBqhdiOK7TZdaXWWNdTR0VPr+aa+teI+/pv lL8RXVBVs67ZDyZkK6Vb6rWpZkA2mbYc7QhlzLncN4kf3g+IP6m4nNtINjI9krGR+IialHILYfXOq IM+iOz6MzNt5mXZl92E+FIqUD6Rkd8wnVlVeWX1UQ+rrUHoXz0SRJcV8pTEb1yFra9VBfXUYqfOjR 7moidL3ZQpXUgj6d9QPc5AkAisbelawwm4PkrOGsOjwEPEHd3dN5+cHrswSdD1yPMv/AXp5Z48bq/ TWPTPDlmU9tMtsYGW349DMAGvi1Hmt1MHLSdsOeTRkgJ+jTstvMX4n5oWJ2qAVfA==;
Received-SPF: pass (puck.w3.org: domain of meta.com designates 67.231.145.42 as permitted sender) client-ip=67.231.145.42; envelope-from=prvs=77865ec1e6=bemasc@meta.com; helo=mx0a-00082601.pphosted.com;
Received: from mx0a-00082601.pphosted.com ([67.231.145.42]) by puck.w3.org with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from <prvs=77865ec1e6=bemasc@meta.com>) id 1red6G-0027dH-0e for ietf-http-wg@w3.org; Mon, 26 Feb 2024 15:41:06 +0000
Received: from pps.filterd (m0044010.ppops.net [127.0.0.1]) by mx0a-00082601.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 41Q5jHUg023203; Mon, 26 Feb 2024 07:40:59 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=meta.com; h=from : to : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=s2048-2021-q4; bh=oeI6ZX4Qo4HgPCsWJe4PkuRbDIDBcifjye+C/8/rsk0=; b=lsen59sHVxLjEEVdGcDSdgI9Pz6fijSpZGljQn4SMQfohqZKvT5P4AnubX1aN74A13FJ SPsrwLR/QW9zh1qVClfEHrCbWTknoeiNHJtSfwVLDDUSfEoOI3GqjWY4y5HUaydGzW5o QU5uSt/EBi5J8e8LXxUaJF7YKWKgSFb9ffEz+WdCz3HOOg3JH6a7YZmdAN2t4okcwPsI a19Mq64vM8VeQgqKL9mg+mgyBzoLkjBEnAupTJ8kmdt1OMKbjI+rBPFamPV0A3Xrdo7W zaLNyiMqpGKxVyX2XHtmLG6Ww4ACtv2aiIdzeBqO4kIq8unQVc8NZzs86Ugob8uLOGXX EA==
Received: from nam12-mw2-obe.outbound.protection.outlook.com (mail-mw2nam12lp2040.outbound.protection.outlook.com [104.47.66.40]) by mx0a-00082601.pphosted.com (PPS) with ESMTPS id 3wgmrj2d42-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 26 Feb 2024 07:40:58 -0800
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=drG1H9RgTsLXhDxaGhzCCQE9Hm/qQLP3epOifQIRO8MQdDX8Gd4h8uWIbDt4awHoqkz7D/0B5NKLFljUPHegSPMcrlCGSyt6ay2xG/URp4jK+DTFdSIF4Wuk81HU7XrS4TK3hdJcLVDvER6zAmcMUhiOU9PFT5ppuuFulwGuRxL5/WLMyLQI3vuKbJA5Ayh8EvAZWVkNREguggQ71GmYyDku+W73bqGHMSz6rFdAdEzjDYaI6oDPw0dbKehBrgoFAc/Xq1BYR68pmme/y1ByHXi9fdXTLwprpoNkiVk9KH64BWFpNUxI6cZBujuxxCqeR741fdTVdA/MoPlRuf2ZnA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=ZzB5MwOeOnVnbCo2WI9tmRSyQYaxT6l6xG6LRgrKuws=; b=eu+cRQ/TvTn+T5OqmECTWnk3E+2QCRmy4e/GWXRhzmhveyMQLgK8nWJMNwmHwelvls0s8Bp0MywCeOgrlo4sffUHQ8QMV4UON+3lV+h59v0x7F1ccDwPGAmB54zcuAWYFVjqpyr+ZzJCwh875kJsswE6l92a201IKOsCO9Oenmtwy4M1mSIFZO+UA5AYOZquW6dwdjKh+NBMSxUhicktE4+CTjFFyipcHvqUR0E/XG+2l0oG2rTZh47WSrHqAWmMAqjBiER4jvAVew6vnsn9+wI+ogzKZOSW4IDvC1Rf0L1fbs+W6PWSii+otSdc9/UUsGQdDyqdetUeLYyFdr3URA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=meta.com; dmarc=pass action=none header.from=meta.com; dkim=pass header.d=meta.com; arc=none
Received: from SA1PR15MB4370.namprd15.prod.outlook.com (2603:10b6:806:191::8) by SA1PR15MB5820.namprd15.prod.outlook.com (2603:10b6:806:330::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7316.34; Mon, 26 Feb 2024 15:40:56 +0000
Received: from SA1PR15MB4370.namprd15.prod.outlook.com ([fe80::ffaa:9636:489:7b1]) by SA1PR15MB4370.namprd15.prod.outlook.com ([fe80::ffaa:9636:489:7b1%7]) with mapi id 15.20.7316.034; Mon, 26 Feb 2024 15:40:56 +0000
From: Ben Schwartz <bemasc@meta.com>
To: Kazuho Oku <kazuhooku@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>
Thread-Topic: Proposal for Creating Reverse Tunnels, for HTTP and TCP (Fwd: New Version Notification for draft-kazuho-httpbis-reverse-tunnel-00.txt)
Thread-Index: AQHaY6ZhvdifXzgsuEaL/EX+ECEmFbEcyfnI
Date: Mon, 26 Feb 2024 15:40:56 +0000
Message-ID: <SA1PR15MB437009B91688055243847BDAB35A2@SA1PR15MB4370.namprd15.prod.outlook.com>
References: <170839651236.24815.18130483846873637989@ietfa.amsl.com> <CANatvzyhBNpYT42ChnAte=-cQGRSA9iN-iot4hZsHN8ESW3CWw@mail.gmail.com>
In-Reply-To: <CANatvzyhBNpYT42ChnAte=-cQGRSA9iN-iot4hZsHN8ESW3CWw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels:
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: SA1PR15MB4370:EE_|SA1PR15MB5820:EE_
x-ms-office365-filtering-correlation-id: 55eeb720-07c7-4139-0d3e-08dc36e152de
x-fb-source: Internal
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: C+2y50bgtu7jZG1HMF4szdSpDFSXCAfM0MHCKkoyjakiNZpGymG9irgLRnoPT8Dsre7pUBXK70YDa+XOp6aRjJ4CpkbHzFaads5khGst2ym6Wol1OOzgA5I6MMvOSFvdrmtItc763DYFHiWEL13DFlCay877FNYHvlkf3qYD2tgU/QS69XdcyhvlYstvdM8V3xqerIZ2HajNYHZSGOkLZSwZiDR8vv+92rSkh7NDZjKvrsgoepcvV2WrEgltEctfmek4ixI8YfkOGSnVk/6HmoEfU848KjQ9gWAbWJjZCoNkCtvPHl+iqcWxb6uGjvjxFdczAexc0ivY5JZv/LhkEPSRSG46mjGZ5IJWvc3QpYk1JkUmNYNSEaeZWkxPPwpJGJa8KYPTdfxa/l/BqB2jHJMBQ0qgTMg2i5rTDXnSFQlySbuXRA9uUq9+k0G6X9K4A2N6bG/mZLEN7p5TVQO9X8ZJgPhGCGwk3PZCVtWGXTDadtW3bbGYjEDpGESRkBzD2c87Er9fqtCyrconDIODCyjuTZnIuNxvzMuJRW3mP2zXF8v1QCkNw+jYoGNR5jhcaWhVXHjbNcU7Fpnps7D8drSiy29jX/4MTYO9WcqzcbceOCib6ffZozvypLvNyA/y6WAXe3Uxnp4ROUIoIOGRo9KYlij76rbXKhy8F8dvKBF5ewnvKzwIjNttdiNPfb3Ys56WzBBevEmFQinpNqxlcKn0TWtAyguZQ/NXy12Rg7A=
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SA1PR15MB4370.namprd15.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230031)(230273577357003)(38070700009)(3613699003);DIR:OUT;SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: YRHLUdko/8shy0l7aq2wb//pJV+NQbX8bkxU3FGVADDWDEnDVmjURPbKNtAti/glMRZtH9mdex3u8Iu/vle+KdswKC1GZOt38td1TPJeYlEQYwY79rSdyuv+2otVe+Kb0zHjIkfAaroPsN30W5cqrLs+K8y2RmL+PAWmsJMe1xY4Q6Xvm+3HmikB3BikYyyvERYc76xnvmwDiQeepgXJepepWetEZsZ+DpbssnNfbtmlvvc3Z84JTjGp9aGuleDSro/fz9pRFYhTQ1pbuuJ/REAlmJkJHUOzG+PtQUl37VDssyjpPRjPKzkF0y7/rsQY8IgSY4EQVUqZ7aUsyLpnCRG2p9xBM3F7+UHIMzxh2WqcV325jn201JS1GvfqsF0tsKNSuO5qohGXGLTsx32Cb06YsiXoT9Js3/fQioRE+vO+S+XV+WmRRyCUlQH2/ACs2bbjzPOI605cs/NS/xjqPP4SQTY02b7ybbKdGxvOsyQ2dZoUt76um7DMs5n/0O0CBKjgRXQ7H5EnEdsw9trmlGfG25Daa4vPfjTGQK+JvIXJnQl2enEM98zqKYxSGSm3m7qrv3k6VSfMmah5Je32VKlmgoHAtcrWZJTcZCtGQ6QqCawf4kEugc/G83f6m/4MhmQQJaMQCGsfAHc5jPbiKuGuN5K+isA7kgaOBO938jf/84wkao43VwFv8L2vm6exzebX4B86pdzhyyhRqX0kRobD6a5MGgZ2Tw5FHTRmi3HMuCM83s6Obvu6dkNsQ/QCd4fNfztvkARfS2pyjUUHUDSqzatgPOEv6o41ycCFNbZ9VzybFjVWHlTBiHjjcvZFCS622KmHl8NNzzuxW01tf5DPE9FpowPK04Ac8u/KfvzJDvYRbeC6Io76gnZko/0vTZKOe9GYmgc9Soe7nTKrm+p2Nx0FQewh6KzIKOGx/UPNd4pXM4xE0qJA68HFpCihYub5RxBBPetxYLJGmUXvZeym10id7GkeS7XaBl8Z0lxK35V0Hajn53TZo31gMwD+uZnqLURgTym/JH0G8NKu2Htbg73YTj/Yw2jip8Qty5nX525TbKSL7U8nlOC3VCe/8+CW4Q6nUQb0o4SJmfTDyCQaqfC4PuNBRfS2jmHQ1McqjyzyMzYYWavPaMxEPgvLrxRr5gcpbqrtgHiecDfNxEHkve0v3g/2zx47niQ4Np8B6835V0cC1G+nof+tB6jSbyCusKFBM0XyTCtlAZtXS3U7HesUlQ9UiLS8BZ4JroMDBhNNfiJEJrL0hZNtULPKplPsaDY2zOk7nBgm+x9xeavHpX6jyDlolfgb9lRbElNHbSefVARnBTdF5OXAAinMGSlHgLo+ioD90dZznNwHvSflttX3aTivFNP4SnJi0G9K7B9of5rv64YBKh7EDUByCvR63D7iku5QvKvzeoZSsK0X6zblzgoy+7B7tTkdPgWBQPyqd6HUxVyQx+RDvbXjLUG7uh4OqZBMsGh0adhNRHp8G4yvavmpNE7bUL5pCEoKvrF0Gzjnu82o9YxNR3BsK2EHJZqpd3FneCLO0JKui/bIgRzgvfJTGdT9WW0YwnSKTeXilbydVMPLB24DDM+j
Content-Type: multipart/alternative; boundary="_000_SA1PR15MB437009B91688055243847BDAB35A2SA1PR15MB4370namp_"
X-OriginatorOrg: meta.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: SA1PR15MB4370.namprd15.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 55eeb720-07c7-4139-0d3e-08dc36e152de
X-MS-Exchange-CrossTenant-originalarrivaltime: 26 Feb 2024 15:40:56.5484 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 8ae927fe-1255-47a7-a2af-5f3a069daaa2
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: arjwq8yjcABhf/LGn2Wjt+jMeqPQ9dAo+ATOwNX0rYc65O8+ExkS5ICsz3bJUAO6
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA1PR15MB5820
X-Proofpoint-GUID: RuPsOayCJG2uqATvdEuWk_93_a5xhm6H
X-Proofpoint-ORIG-GUID: RuPsOayCJG2uqATvdEuWk_93_a5xhm6H
X-Proofpoint-UnRewURL: 12 URL's were un-rewritten
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-02-26_11,2024-02-26_01,2023-05-22_02
X-W3C-Hub-DKIM-Status: validation passed: (address=prvs=77865ec1e6=bemasc@meta.com domain=meta.com), signature is good
X-W3C-Hub-Spam-Status: No, score=-4.1
X-W3C-Hub-Spam-Report: ARC_SIGNED=0.001, ARC_VALID=0.001, BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, DMARC_PASS=-0.001, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, W3C_AA=-1, W3C_WL=-1
X-W3C-Scan-Sig: puck.w3.org 1red6G-0027dH-0e 8c44c860ec705f5894b3220452f6c755
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Proposal for Creating Reverse Tunnels, for HTTP and TCP (Fwd: New Version Notification for draft-kazuho-httpbis-reverse-tunnel-00.txt)
Archived-At: <https://www.w3.org/mid/SA1PR15MB437009B91688055243847BDAB35A2@SA1PR15MB4370.namprd15.prod.outlook.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/51833
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/email/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
Hi HTTP, Kazuho and I had a longer discussion about this proposal. I think it's interesting, but I'm not convinced it's a good basis for standardization: 1. In the "reverse TCP server" use case, this design requires the backend to open up and maintain a huge backlog of hanging GET requests to accommodate any spikes in connection attempts. This seems extremely wasteful. 2. For "Reverse HTTP", this design doesn't extend to HTTP/3 in an obvious way. I would like to see a unified design for Reverse HTTP that spans HTTP/2 and HTTP/3 (and preserves the performance and functionality of HTTP/3). There are a lot of possible ways to solve these reverse-connection problems, and I'm glad that we now have a few ideas about how it might be done. Hopefully as we explore these possibilities the right answer will become clearer. --Ben ________________________________ From: Kazuho Oku <kazuhooku@gmail.com> Sent: Monday, February 19, 2024 9:40 PM To: HTTP Working Group <ietf-http-wg@w3.org> Subject: Proposal for Creating Reverse Tunnels, for HTTP and TCP (Fwd: New Version Notification for draft-kazuho-httpbis-reverse-tunnel-00.txt) Hello folks, At the previous IETF meeting, Ben presented the “Reverse HTTP” proposal, which can be found at: https: //github. com/httpwg/wg-materials/blob/gh-pages/ietf118/reverse-http. pdf. When we discussed the proposal, it seemed that there ZjQcmQRYFpfptBannerStart This Message Is From an External Sender ZjQcmQRYFpfptBannerEnd Hello folks, At the previous IETF meeting, Ben presented the “Reverse HTTP” proposal, which can be found at: https://github.com/httpwg/wg-materials/blob/gh-pages/ietf118/reverse-http.pdf. When we discussed the proposal, it seemed that there is interest in: * using extended CONNECT, and * supporting reverse tunneling for TCP, in addition to HTTP. As stated during the meeting, we are interested in implementing this feature in h2o and have therefore submitted the draft, available at: https://www.ietf.org/archive/id/draft-kazuho-httpbis-reverse-tunnel-00.html<https://www.ietf.org/archive/id/draft-kazuho-httpbis-reverse-tunnel-00.html>. Please let us know what you think. For the primary use case of setting up HTTP connections in the reverse direction, the draft employs the extended CONNECT method (or the upgrade mechanism in HTTP/1.1). Once the tunnel is set up, HTTP/1.1 or HTTP/2 can be used as-is. The design utilizes URIs to identify the reverse service, offering flexibility to operators, including the large-scale reverse proxy operators who automate configuration changes. Operators can provide unique URIs to each backend that connects in the reverse direction, and authenticate the backends using HTTP authentication (or other HTTP-based authentication schemes). Additionally, this feature can be seamlessly integrated into existing reverse proxies with minimal effort and virtually zero overhead. A reverse proxy can accept the reverse tunnel using HTTP/1.1, and upon establishment, just “add” the tunnel’s TCP / TLS connection to the already-existing connection pool. This is because the protocol being used atop the tunnel is HTTP/1.1 or HTTP/2 unmodified. Of course, the draft does not forbid endpoints from using HTTP/2 to establish reverse tunnels. It will be at the discretion of the endpoints to decide which HTTP version to use. Considering that tunnels will be typically established using HTTPS, additional encryption atop the tunnel is often unnecessary. In light of this, the draft defines a method to negotiate the application protocol by reusing the ‘ALPN’ header field, streamlining communication within the encrypted tunnel. For the other use case of setting up a TCP relay, the draft utilizes the ‘Forwarded’ header field to convey the 4-tuple of the TCP connection being relayed. The header field is sent as part of a successful response indicating the establishment of the relay. Until a relay is established, 100 (Continue) responses are used to indicate that the relay is waiting for a connection to be matched. Regarding the TCP relay use case, it might be worthwhile to mention an alternative approach not included in the current draft submission. This strategy entails establishing an HTTP reverse tunnel as previously described, followed by utilizing this channel to transmit 'CONNECT' requests that relay TCP connections. This approach might be slightly more complex than the design specified in the draft, but it builds on top of the HTTP feature that already exists for relaying bi-directional byte streams. ---------- Forwarded message --------- From: IETF I-D Submission Tool <idsubmission@ietf.org<mailto:idsubmission@ietf.org>> Date: 2024年2月20日(火) 11:25 Subject: Confirm submission of I-D draft-kazuho-httpbis-reverse-tunnel To: Kazuho Oku <kazuhooku@gmail.com<mailto:kazuhooku@gmail.com>> Hi, The IETF datatracker Internet-Draft submission service has received your Internet-Draft draft-kazuho-httpbis-reverse-tunnel-00, and requires a confirmation step in order to be able to complete the posting of the Internet-Draft. Please follow this link to the page where you can confirm the posting: https://datatracker.ietf.org/submit/status/140209/confirm/da185e3e7d346ab40f2a320bf26a2917/<https://datatracker.ietf.org/submit/status/140209/confirm/da185e3e7d346ab40f2a320bf26a2917/> Best regards, The IETF Secretariat through the Internet-Draft submission service -- Kazuho Oku ---------- Forwarded message --------- From: <internet-drafts@ietf.org<mailto:internet-drafts@ietf.org>> Date: 2024年2月20日(火) 11:35 Subject: New Version Notification for draft-kazuho-httpbis-reverse-tunnel-00.txt To: Kazuho Oku <kazuhooku@gmail.com<mailto:kazuhooku@gmail.com>> A new version of Internet-Draft draft-kazuho-httpbis-reverse-tunnel-00.txt has been successfully submitted by Kazuho Oku and posted to the IETF repository. Name: draft-kazuho-httpbis-reverse-tunnel Revision: 00 Title: Reverse Tunnel over HTTP Date: 2024-02-20 Group: Individual Submission Pages: 12 URL: https://www.ietf.org/archive/id/draft-kazuho-httpbis-reverse-tunnel-00.txt<https://www.ietf.org/archive/id/draft-kazuho-httpbis-reverse-tunnel-00.txt> Status: https://datatracker.ietf.org/doc/draft-kazuho-httpbis-reverse-tunnel/<https://datatracker.ietf.org/doc/draft-kazuho-httpbis-reverse-tunnel/> HTML: https://www.ietf.org/archive/id/draft-kazuho-httpbis-reverse-tunnel-00.html<https://www.ietf.org/archive/id/draft-kazuho-httpbis-reverse-tunnel-00.html> HTMLized: https://datatracker.ietf.org/doc/html/draft-kazuho-httpbis-reverse-tunnel<https://datatracker.ietf.org/doc/html/draft-kazuho-httpbis-reverse-tunnel> Abstract: This document specifies an HTTP extension to establish bi-directional byte streams in the direction from servers to their clients, utilizing HTTP as a tunneling mechanism. This approach not only facilitates communication between servers located behind firewalls and their known clients but also introduces the potential for these known clients to serve as relays. In such configurations, clients can forward application protocol messages or relay TCP connections, allowing servers to interact with any client on the Internet without direct exposure. The IETF Secretariat -- Kazuho Oku
- Proposal for Creating Reverse Tunnels, for HTTP a… Kazuho Oku
- Re: Proposal for Creating Reverse Tunnels, for HT… Ben Schwartz