IETF Logo Mail Archive

Re: WGLC for draft-ietf-httpbis-connect-tcp

David Schinazi <dschinazi.ietf@gmail.com> Fri, 16 February 2024 22:07 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=ietf.org@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DF1D3C151064 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 16 Feb 2024 14:07:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.856
X-Spam-Level:
X-Spam-Status: No, score=-2.856 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=w3.org header.b="SVFDZbms"; dkim=pass (2048-bit key) header.d=w3.org header.b="n3GvSLtF"; dkim=pass (2048-bit key) header.d=gmail.com header.b="LEtIkYQp"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NLkRvweP_ZTl for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 16 Feb 2024 14:06:57 -0800 (PST)
Received: from lyra.w3.org (lyra.w3.org [128.30.52.18]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6B652C14CE30 for <httpbisa-archive-bis2Juki@ietf.org>; Fri, 16 Feb 2024 14:06:57 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=w3.org; s=s1; h=Subject:Content-Type:Cc:To:Message-ID:Date:From:In-Reply-To: References:MIME-Version:Reply-To; bh=6x4w0DYWTwlyBxA4O3l/LDqSz97kKlFoKTr8r0uJLrk=; b=SVFDZbmsjz3W7AcAb5oKHKA+HM w3UvEhtlghfQ0MPogaDYqEuVy/pset/hc6PIhtYvVU6JLZ9v+CgtggS4Fcx3CBRh5zzixk5+QSmXl XXTFt2MC5W5jrWMnIRrE919zQsFGvbie9gFL+PH2ZGQQIBBDBH095nGNDia0hiMbKrrU3YQn1oUvt zAx+eevOll/yCcUrLAhwRCB4mkj8anHu7qvSddf/XpSuaa2y+vsM7F60Z0pYzqrd4O/xK/OEaolKB aVr+vLtJ/SuSI8d4inoz6agJSJLhsE/OM/81OKwb46V2vvHh10Wc2F6c6jBt8FYfucqPN5gWarH79 wJJfukBA==;
Received: from lists by lyra.w3.org with local (Exim 4.94.2) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1rb6KT-00BFzo-0G for ietf-http-wg-dist@listhub.w3.org; Fri, 16 Feb 2024 22:05:09 +0000
Resent-Date: Fri, 16 Feb 2024 22:05:09 +0000
Resent-Message-Id: <E1rb6KT-00BFzo-0G@lyra.w3.org>
Received: from puck.w3.org ([34.196.82.207]) by lyra.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <dschinazi.ietf@gmail.com>) id 1rb6KQ-00BFyl-Vm for ietf-http-wg@listhub.w3.org; Fri, 16 Feb 2024 22:05:07 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=w3.org; s=s1; h=Content-Type:Cc:To:Subject:Message-ID:Date:From:In-Reply-To: References:MIME-Version:Reply-To; bh=6x4w0DYWTwlyBxA4O3l/LDqSz97kKlFoKTr8r0uJLrk=; t=1708121106; x=1708985106; b=n3GvSLtFlHRxVzupozFG7UjX9ej/44H2KVET0A5YgnFFABvP9YLeLxAhyq0rcjfU9KXEfC7eVJ0 B9ijTSfhwPtaBtoC0bIOOQSARqgdCd2yWDfkQhjn1slVADyDpSt8cKioXeX2TZtscZiOJFC+V4O6e UZswgEzcuM5gH+XABCLtRRaGi7F/sYkVvGV/uSV+8ViyRz6KlbSrPm1AxcYfLLkqMo5Zw8AVVamSa bIrM6MaeYhWCmUUTJQJVKcntsArFUe1kEJNnQfjYDqYoerQsCOw9sWVCv4LoS/NDC5aVz+J+kMLj1 VJhHQUuzk289nedhCZSWujQN6ZqTb21m6kWg==;
Received-SPF: pass (puck.w3.org: domain of gmail.com designates 2a00:1450:4864:20::62b as permitted sender) client-ip=2a00:1450:4864:20::62b; envelope-from=dschinazi.ietf@gmail.com; helo=mail-ej1-x62b.google.com;
Received: from mail-ej1-x62b.google.com ([2a00:1450:4864:20::62b]) by puck.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.96) (envelope-from <dschinazi.ietf@gmail.com>) id 1rb6KQ-000Z4H-09 for ietf-http-wg@w3.org; Fri, 16 Feb 2024 22:05:06 +0000
Received: by mail-ej1-x62b.google.com with SMTP id a640c23a62f3a-a26f73732c5so192840366b.3 for <ietf-http-wg@w3.org>; Fri, 16 Feb 2024 14:05:05 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1708121102; x=1708725902; darn=w3.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=6x4w0DYWTwlyBxA4O3l/LDqSz97kKlFoKTr8r0uJLrk=; b=LEtIkYQpn2rOJefeJfS/iIdwz95Z/+Alv7cFhj+sy6kYkNdUxjPGmh1w/j2P3TjVVY r8Zs+120otlXXggNHP0lOz7hYUIw6cO8AX3tWrqreZMZ1Qt0894PzZaszjiwW9G7ymLL NGCoIMVdX9rS3WKND7nlvMdBaa+uwxvCXEXaP6ikC6FaAYAyYnnAigRyB997954l2yIw agsfxuMUr+OWzM1te1Okm46qRGb90jEC3sFsdBtYuIK+7kxv9LutiUexkydGx97FMI2u vINKPC4dd4eseQUDUsEVonXljsCtKxs6/IF9fanAr7tCxE0bcJ7Z8Od1VNgfD1qGyP54 C9dw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708121102; x=1708725902; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=6x4w0DYWTwlyBxA4O3l/LDqSz97kKlFoKTr8r0uJLrk=; b=TRuMt7tpiYV/rxeCJ/qBplBSltivO2qwwzve+dTFse0KUfFHVHxNH5tMUgalWaj/76 +9MZYWvdENPx254PPUrCnyxIHOmQ0xHU3jEWWOEI+Jif1m0RkpFvlufrybCn/8kGLd6q GYl31q2xeY0J+RiJPhXc7Wurj83q2EyTlTB+q8YUQO5M3Oc1hzqfQkhRXNZXnKXgJ2gg Jrc+Egy6lsYbEbI8/4uhPZdFfoSoY2wwHrqnhVbjPLT0Akn9Z75Bo3W1l3Jv8gSw1HQ3 U96bh2clld968eUhL+sTTkfCPJNgA42AVhfFs4K/Gj64BEz64qDZH8cM5VtLGEv/rPys 93fg==
X-Forwarded-Encrypted: i=1; AJvYcCXoRHgiDlaWt476c0WH9fJg/lv5V6k9wFERlh96zhUwvd+RSs9qwJHDKXYzAx4C9cGOYIgp+hZS4Np5RNgFFKPDQLxG
X-Gm-Message-State: AOJu0YycalyJPyQQtClSxzccJoR6Lw9tc3WA2xteYPzvQbtK4DHqx0xy h2DEcCMdJaaYNk1nxpES2iBLnTELczeA+eV9BwPNKSSD3h68SGj+EjwaZxOdjgqLnPz+2k1ghV3 jn8eLpn18g9fwpT+xpYEct6IKxj46gQt6
X-Google-Smtp-Source: AGHT+IGuaThR1f/lypo/vCYNS+4aIML8DHkBVOouk1fLWeBRuqPaMT1YSGtmXjLVUSOx6Gy8C3d/e3T2JJk7Cd2YgYI=
X-Received: by 2002:a17:906:36c7:b0:a3d:d909:f57 with SMTP id b7-20020a17090636c700b00a3dd9090f57mr2308979ejc.41.1708121101570; Fri, 16 Feb 2024 14:05:01 -0800 (PST)
MIME-Version: 1.0
References: <7228A073-F867-4007-BB44-0AA547455539@apple.com> <CAPDSy+5ETu3BeA-0defYYKhLhMZ9f6UE=boxAp7aFwh-RTi9xw@mail.gmail.com> <SA1PR15MB437034E91B1959A206D82482B3792@SA1PR15MB4370.namprd15.prod.outlook.com> <0489428B-16E4-42AF-8224-9054122DD41A@apple.com> <662ECDC0-3B90-443F-BD0F-AF340FD7FEED@meta.com> <CAPDSy+7TEseyJv5TO0BLrdRBpGvjGLOeEqSbZW4JN8xir5c1tg@mail.gmail.com> <8A616C9D-496D-4730-938D-A9BDB1CEBC48@meta.com>
In-Reply-To: <8A616C9D-496D-4730-938D-A9BDB1CEBC48@meta.com>
From: David Schinazi <dschinazi.ietf@gmail.com>
Date: Fri, 16 Feb 2024 14:04:50 -0800
Message-ID: <CAPDSy+7Lo0KkeYNsUdbsjoaoN3Dc_pCGabHSuXGXtt31a_Ungg@mail.gmail.com>
To: Ben Schwartz <bemasc@meta.com>
Cc: Tommy Pauly <tpauly@apple.com>, HTTP Working Group <ietf-http-wg@w3.org>
Content-Type: multipart/alternative; boundary="0000000000007e1458061186ef45"
X-W3C-Hub-DKIM-Status: validation passed: (address=dschinazi.ietf@gmail.com domain=gmail.com), signature is good
X-W3C-Hub-Spam-Status: No, score=-14.1
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, DMARC_PASS=-0.001, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, W3C_AA=-1, W3C_DB=-1, W3C_IRA=-1, W3C_IRR=-3, W3C_WL=-1
X-W3C-Scan-Sig: puck.w3.org 1rb6KQ-000Z4H-09 8f4f818d0205413cf71557e02f94eff0
X-Original-To: ietf-http-wg@w3.org
Subject: Re: WGLC for draft-ietf-httpbis-connect-tcp
Archived-At: <https://www.w3.org/mid/CAPDSy+7Lo0KkeYNsUdbsjoaoN3Dc_pCGabHSuXGXtt31a_Ungg@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/51785
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/email/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

Thanks for clarifying. At this point the list-of-IP-addresses feature seems
unneeded to me, and it adds complexity to server implementations. I would
personally recommend removing it from this document. It can always be added
back if we need it later in an extension.
David

On Thu, Feb 15, 2024 at 1:01 PM Ben Schwartz <bemasc@meta.com> wrote:

>
>
> > On Feb 15, 2024, at 2:34 PM, David Schinazi <dschinazi.ietf@gmail.com>
> wrote:
> >
> > Hi Ben, thanks for the PR - it looks good to me.
> >
> > Regarding your point about client implementers, can you share more about
> them? Who's implemented this so far? Who's depending on the address list
> feature?
>
> I’m referring to prior conversations where some people seemed to prefer
> leaving DNS resolution entirely in the client’s hands, e.g. [1].
>
> In most cases, I think target_host should simply be a hostname.  However,
> I do think there are some cases where passing an IP address is appropriate,
> and in those cases passing a list of N IPs is much more efficient than
> sending N requests with one IP each:
>
> * When the client feels that it is necessary to enforce DNSSEC validation
> of the A/AAAA responses.  (This is an unusual threat model, but it is
> supported by platforms like iOS [2]).
> * When the client attempts to reduce connection setup latency by using an
> HTTPS record’s ipv4hint and ipv6hint SvcParams.
> * When the IP addresses were not delivered through DNS at all (e.g., ICE
> TCP in SDP [3])
>
> —Ben
>
> [1]
> https://datatracker.ietf.org/doc/chatlog-115-masque-202211090930/#:~:text=In%20general%2C%20it%27s%20better%20for%20the%20proxy%20to%20do%20the%20final%20name%2D%3EIP%20resolution%2C%20whereas%20it%27s%20better%20for%20the%20client%20to%20do%20the%20HTTPS/SVCB%20lookup
> .
>
> [2]
> https://developer.apple.com/documentation/network/nwparameters/3952717-requiresdnssecvalidation
>
> [3] https://datatracker.ietf.org/doc/html/rfc6544#appendix-C
>
> >
> > Thanks,
> > David
> >
> > On Wed, Feb 14, 2024 at 1:59 PM Ben Schwartz <bemasc@meta.com> wrote:
> >
> >> On Feb 13, 2024, at 10:48 PM, Tommy Pauly <tpauly@apple.com> wrote:
> >>
> >>> On Jan 26, 2024, at 11:19 AM, Ben Schwartz <bemasc@meta.com> wrote:
> > ...
> >>>     • "target_port" or "tcp_port":
> https://github.com/httpwg/http-extensions/pull/2720
> >
> >
> > …
> >
> >> As I’ve mentioned just now on the issue, the direction for
> configuration might be to be more explicit on the supported protocol, so
> that we don’t try to infer the protocol from the template. Based on that,
> I’d lean right now towards just having a target_port, instead of tcp_port.
> >
> >
> > OK it sounds like the consensus favors this change, so I’ve opened
> https://github.com/httpwg/http-extensions/pull/2736.
> >
> >>>
> >>>     • Support for "target_host=192.0.2.1&target_host=2001:db8::1":
> https://github.com/httpwg/http-extensions/pull/2719
> >>>
> >>> To improve Happy Eyeballs and related behaviors, "connect-tcp" allows
> the client to provide a list of IP addresses.  URI Templates have a
> built-in notion of lists.  In URI Template Level 3 and below, list elements
> are always joined by commas ("192.0.2.1,2001:db8::1").  However, in Level
> 4, templates can use the "explode modifier" to generate repeated key=value
> assignments (as above), which are more idiomatic in some web frameworks.
> Should we require clients to support Level 4 templates, or restrict proxies
> to publishing Level 3 templates?
> >>
> >>
> >> In what I’ve seen, it’s usually best to have happy eyeballs be done by
> the proxy based on the DNS resolution the proxy itself has performed, not
> necessarily the addresses provided by the client. Before we make this too
> complex, I'd like to hear about who would exercise this capability.
> >
> > I agree that this is best practice.  (It’s even documented at
> https://datatracker.ietf.org/doc/html/rfc9460#section-3.2-2.)  However,
> I’ve heard a number of arguments from client implementors who felt that the
> client should be able to use its own DNS resolver, independent of the
> proxy, in which case this functionality seems valuable for Happy Eyeballs
> to work as intended.
> >
> > In the above pull request, I’ve simplified the syntax for this (reducing
> the URI Template requirement to Level 3) to minimize the burden on clients
> that don’t use the feature.
> >
> > —Ben
>
>
>

v2.23.0 | Report a Bug | By Email