Re: HTTPS 2.0 without TLS extension?

Amos Jeffries <squid3@treenet.co.nz> Wed, 24 July 2013 09:37 UTC

To: ietf-http-wg@w3.org

On 24/07/2013 9:29 a.m., Ryan Hamilton wrote:
> On Tue, Jul 23, 2013 at 11:46 AM, Zhong Yu <zhong.j.yu@gmail.com> wrote:
>
>     I agree TLS-ALPN is much better than TLS-Upgrade, but it'll take the
>     rest of the world some time to get there.
>
> It's going to take the rest of the world some time to deploy HTTP/2,
> as well.  Do you think that ALPN will be harder to deploy than HTTP/2?
>

Red herring argument.  If ALPN is the mandatory requirement of HTTP/2 it 
cannot be harder. They will be equal or HTTP/2 will be harder - since it 
includes more than just ALPN.

The issue in question is whether or not ALPN should be mandatory in the 
first place, or if allowing other mechanisms will encourage faster 
HTTP/2 adoption. Whether or not those other mechanisms are slower or 
worse than ALPN - do they encourage or help rollout?

IMHO, this is an issue where we can afford to wait and see. Probably we
will end up with ALPN as mandatory and the others as optional to encourage
the more efficient method.

Amos