Re: HTTPS 2.0 without TLS extension?

Martin Thomson <martin.thomson@gmail.com> Tue, 23 July 2013 22:36 UTC

Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EAB6411E8177 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Tue, 23 Jul 2013 15:36:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.757
X-Spam-Level:
X-Spam-Status: No, score=-9.757 tagged_above=-999 required=5 tests=[AWL=0.542, BAYES_00=-2.599, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5LpXUCOmoyQ9 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Tue, 23 Jul 2013 15:36:10 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) by ietfa.amsl.com (Postfix) with ESMTP id 0EF5611E8164 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Tue, 23 Jul 2013 15:35:04 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.72) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1V1lAH-0004Ne-76 for ietf-http-wg-dist@listhub.w3.org; Tue, 23 Jul 2013 22:34:41 +0000
Resent-Date: Tue, 23 Jul 2013 22:34:41 +0000
Resent-Message-Id: <E1V1lAH-0004Ne-76@frink.w3.org>
Received: from lisa.w3.org ([128.30.52.41]) by frink.w3.org with esmtp (Exim 4.72) (envelope-from <martin.thomson@gmail.com>) id 1V1lA8-0004K2-1f for ietf-http-wg@listhub.w3.org; Tue, 23 Jul 2013 22:34:32 +0000
Received: from mail-we0-f172.google.com ([74.125.82.172]) by lisa.w3.org with esmtps (TLS1.0:RSA_ARCFOUR_SHA1:16) (Exim 4.72) (envelope-from <martin.thomson@gmail.com>) id 1V1lA6-0002w2-Lz for ietf-http-wg@w3.org; Tue, 23 Jul 2013 22:34:32 +0000
Received: by mail-we0-f172.google.com with SMTP id t61so2716874wes.31 for <ietf-http-wg@w3.org>; Tue, 23 Jul 2013 15:34:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=Aln3/PWCwgzZaWQUHEp0mXnQH3S4acCzSiMe1/qsA/o=; b=F8pWktNjuXf3T6TZcd1gkyCYSqdmf9yJIVIiY/Jb4jjw0r/A1YqL4SnOrm7cIgWueI 9HthwdjbeaAFz3PMRi1CLgZgBYP8GP948T2Syxaa0dI3QL1clZk7h9lF5sHVMSzUZXsE +d1S2cTLn7wTxJJuXWe8SvgON3sexIkYjrIX036sVMN7Tr033SqmHFB0NeD6DBFmVv0M H4TULN9jrn2ZtZfduB32hig7XomhNAZL5YrKtZWcIXCN3o5nEidWIvcUw3riWGFh2jP2 aLW41o2pbEr4XjMXXNCrMkf6TOcMp87kzZIOumEedIYcWX7zouWyUxsDDui61DTBuHyG XxIQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=Aln3/PWCwgzZaWQUHEp0mXnQH3S4acCzSiMe1/qsA/o=; b=IQaD12MAjn6FsV0fCRO+GEAm2vv/+PmCp03rAPy92ZL3aiVgwapRf1jpdaRkIp7FWd ss5A3YChM0IEyIDp5/b3qhgO2FvL4XySrSrNNRZAqX13kOaimeLHVs/tG4Xi3+Kt4lQ3 ckNTucyZzZHAOyfcgJhwckReNw8vhAtlx/RITbjDClXIUKb2TW32nbsJDpAAE1+GHaQY LpryJXH/ex+0ElwyhZrJx8IvzKL9FNS0TPW9MC6ZdHSr5jX/ty1IirkrVUBh4hZmVtUh VZUKCpSuS2vN4FH7UFRH/qiUJTVQxMBy7cvd6Yx/jAoFEgcl/8Y6VwtyWjIu7Wtr3PFK ti+A==
MIME-Version: 1.0
X-Received: by 10.180.9.212 with SMTP id c20mr473971wib.65.1374618844593; Tue, 23 Jul 2013 15:34:04 -0700 (PDT)
Received: by 10.194.60.46 with HTTP; Tue, 23 Jul 2013 15:34:04 -0700 (PDT)
In-Reply-To: <CAA4WUYiA5A2pnqMOrntb-B_uGQRBAGeaAAf8ELtBmHhCzan63Q@mail.gmail.com>
References: <CACuKZqEBAqXs-cQF1U-g3npaXGR0LEoXZYxDv-3a+ftn-YG=_g@mail.gmail.com> <CAA4WUYjS=JXYAYKe0ueqUFbdEUC3pM8xuj--b=F=WPgnSc9xYg@mail.gmail.com> <CACuKZqGjYtmkFBEEDX+s=n=_15frt+qoQws4TWgiDEijBE+Mow@mail.gmail.com> <CACuKZqHJ-x3Q69Uvtoj4C1TGy4F+PeUyqzbdUxEUVZOVr2KEnA@mail.gmail.com> <CAA4WUYiA5A2pnqMOrntb-B_uGQRBAGeaAAf8ELtBmHhCzan63Q@mail.gmail.com>
Date: Tue, 23 Jul 2013 15:34:04 -0700
Message-ID: <CABkgnnWHCWzxUyLTF_EqudYSa3xcsSp1vcF9oukJTc7fQgXktA@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: =?UTF-8?B?V2lsbGlhbSBDaGFuICjpmYjmmbrmmIwp?= <willchan@chromium.org>
Cc: Zhong Yu <zhong.j.yu@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass client-ip=74.125.82.172; envelope-from=martin.thomson@gmail.com; helo=mail-we0-f172.google.com
X-W3C-Hub-Spam-Status: No, score=-3.5
X-W3C-Hub-Spam-Report: AWL=-2.660, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001
X-W3C-Scan-Sig: lisa.w3.org 1V1lA6-0002w2-Lz f583b5fe9db33212d381ab34fa861e87
X-Original-To: ietf-http-wg@w3.org
Subject: Re: HTTPS 2.0 without TLS extension?
Archived-At: <http://www.w3.org/mid/CABkgnnWHCWzxUyLTF_EqudYSa3xcsSp1vcF9oukJTc7fQgXktA@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/18895
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

On 23 July 2013 11:57, William Chan (陈智昌) <willchan@chromium.org> wrote:
> I find your argument for mandating HTTP Upgrade to HTTP/2.0 over TLS
> uncompelling. If others find it compelling, I would be interested in hearing
> so.

If we are going to enable variant modes of operation, then the
justification will need to be quite strong.  I don't believe that
there are many up-sides to this particular mode of operation that
would argue for its inclusion.

If all this comes down to is an inability to talk ALPN, maybe someone
can help us understand the situation that makes it difficult to deploy
that (I can imagine a few cases where this might be the case, but it
would be better to get to concrete cases).

I'll note that TLS + HTTP Upgrade is not the only option on the table
for people who find themselves wanting HTTP/2.0 but unable to deploy
ALPN.