IETF Logo Mail Archive

Re: New Version Notification for draft-kazuho-httpbis-selftrace-00.txt

Kazuho Oku <kazuhooku@gmail.com> Mon, 16 August 2021 02:48 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3306A3A00D9 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Sun, 15 Aug 2021 19:48:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.998
X-Spam-Level:
X-Spam-Status: No, score=-2.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id o6SgmyUhameM for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Sun, 15 Aug 2021 19:48:49 -0700 (PDT)
Received: from lyra.w3.org (lyra.w3.org [128.30.52.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 118293A00D4 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Sun, 15 Aug 2021 19:48:48 -0700 (PDT)
Received: from lists by lyra.w3.org with local (Exim 4.92) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1mFSe5-0001oS-8j for ietf-http-wg-dist@listhub.w3.org; Mon, 16 Aug 2021 02:46:37 +0000
Resent-Date: Mon, 16 Aug 2021 02:46:37 +0000
Resent-Message-Id: <E1mFSe5-0001oS-8j@lyra.w3.org>
Received: from titan.w3.org ([128.30.52.76]) by lyra.w3.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <kazuhooku@gmail.com>) id 1mFSe3-0001nU-Co for ietf-http-wg@listhub.w3.org; Mon, 16 Aug 2021 02:46:35 +0000
Received: from mail-ed1-f53.google.com ([209.85.208.53]) by titan.w3.org with esmtps (TLS1.3:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.92) (envelope-from <kazuhooku@gmail.com>) id 1mFSdy-0006TU-Ta for ietf-http-wg@w3.org; Mon, 16 Aug 2021 02:46:35 +0000
Received: by mail-ed1-f53.google.com with SMTP id r19so20867386eds.13 for <ietf-http-wg@w3.org>; Sun, 15 Aug 2021 19:46:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=L2oBnMx3pP2B1isRi+yFt+VGG8UI8uSZi75ttGC+5VU=; b=tYdwPVkCfWkn6tBCpWNf6+dyymRt2IL3XNILnNJHEObwq3mOad9FmiW3xoMzLs1pfN ZGo8MX6Xqi/Kia9tXZFgznXHvLz5a3OyYJeMsrIsBhaZbc9veEAvnBHt+fESQjhG4LUE yJ18ryeksfBwHHZSFqhH0bPHT8GnHHXcxJi0P/VlTPdw4+N1UzZ+ORsXZ+5C3zj4hK4j kh7rJuMW0I7okglUdRy24PGpveHte05QRgaePNCBNcP8q3YTiLAgHCZIaF4rRLhfuDik +biFtUJfE9rhvcAsc1IWYvybSBt3vNdNvflh9XxXpAvEWs3BTiKqU4ght8Tu0jE+2CWI 1+5g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=L2oBnMx3pP2B1isRi+yFt+VGG8UI8uSZi75ttGC+5VU=; b=GcT8+whGX0Md8PPs3B9qu2UGglW0tOfFktzIWZH4pQAIet3tPxTDiN1I/8f1WuysnL WKW8G1L9cToJFpgk4UAJAP0vvkjMm2SYD52fdEdHbeywrNaU33KcTctBuZYQ5Wlf88Lm mF+lOgOkrl68ybg6ba8g+aa/IQcTvzvOPnv31vNExfuM/aIUH30A93jELMVMrDE6V4wQ N/aH0OfllozrFoFzxUzNmWCzPXAhwuRuBa4bdLnndGehllJ9kHgj5qHZVuGTkV+wcJU+ GvJZOGhP8tPg2oKMZSD+lgQIPvvxGswEBI0seB7Smj0iPvMEF/MgwST026Qbr4QUjlzs qZtw==
X-Gm-Message-State: AOAM532A8lkT7TdrFpV4SJuCiXIPGmTAvzfUA/AoYq9LWmJjGCs/oRD2 Y7LlIrDSxBZ9avgWmg13iv+DmjrFS2pT3YJCxD0=
X-Google-Smtp-Source: ABdhPJzMsJYAa115n9XC3t/T3yKm5mRbyT/SiIdN3Rdoi4S0eNDwIk1/vL6+SJIaLwENzBx0PaI7JnUrLKrGUndmayM=
X-Received: by 2002:a05:6402:2794:: with SMTP id b20mr5400339ede.126.1629081919583; Sun, 15 Aug 2021 19:45:19 -0700 (PDT)
MIME-Version: 1.0
References: <162883401993.25302.7275724432785172464@ietfa.amsl.com> <CANatvzxWrg+rciDpOZqsnDWq_oW_cr-Do2SjUzGgPy_vyAUs=Q@mail.gmail.com> <8FC98EA2-7DCB-41E0-9C4F-58088C5DD89E@mnot.net> <82e1dc8e-e9b0-f928-0862-17f28ae76a74@measurement-factory.com>
In-Reply-To: <82e1dc8e-e9b0-f928-0862-17f28ae76a74@measurement-factory.com>
From: Kazuho Oku <kazuhooku@gmail.com>
Date: Mon, 16 Aug 2021 11:45:08 +0900
Message-ID: <CANatvzwNy0tx1S7-irgCB3Zcx6i-gXYV4XHheZpnhVU9GbfHZg@mail.gmail.com>
To: Alex Rousskov <rousskov@measurement-factory.com>
Cc: HTTP Working Group <ietf-http-wg@w3.org>, Jana Iyengar <jri.ietf@gmail.com>
Content-Type: multipart/alternative; boundary="00000000000020792605c9a4318c"
Received-SPF: pass client-ip=209.85.208.53; envelope-from=kazuhooku@gmail.com; helo=mail-ed1-f53.google.com
X-W3C-Hub-DKIM-Status: validation passed: (address=kazuhooku@gmail.com domain=gmail.com), signature is good
X-W3C-Hub-Spam-Status: No, score=-4.1
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, W3C_AA=-1, W3C_WL=-1
X-W3C-Scan-Sig: titan.w3.org 1mFSdy-0006TU-Ta 6ef97c011e9de1c35d550d191c654c60
X-Original-To: ietf-http-wg@w3.org
Subject: Re: New Version Notification for draft-kazuho-httpbis-selftrace-00.txt
Archived-At: <https://www.w3.org/mid/CANatvzwNy0tx1S7-irgCB3Zcx6i-gXYV4XHheZpnhVU9GbfHZg@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/39184
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

Mark, Alex,

Thank you for your comments. I think your concern regarding intermediaries
is legitimate.

One way of moving forward would be to say that intermediaries should not
forward the self-trace request. IIUC, we already have a precedent that
requires some intercepting proxies modify the request-response: when
expect-ct: enforce is being used, an intercepting proxy (typically using a
certificate not registered to CT) has to drop that response header,
otherwise the browser would refuse to reconnect.

Though, the problem here might be lack of incentive. While intercepting
proxies would be incentivized to drop expect-ct (if they see errors due to
the header being forwarded), there would be no incentive for them to add
code for rejecting self-trace requests.

That said, if we are to adopt MT's proposal (i.e., use a response header
for indicating the location of the trace), then probably we would have
better alignment because it would be about having a list of response
headers that an intercepting proxy might want to drop (i.e. except-ct and
the trace header).

The other option would be to add a H3 settings frame that indicates that
the endpoint is an end-client. Though I would prefer having a tracing
scheme that does not require changes to endpoints.


2021年8月15日(日) 2:03 Alex Rousskov <rousskov@measurement-factory.com>:

> On 8/13/21 10:43 PM, Mark Nottingham wrote:
>
> >>    To prevent this attack, servers SHOULD serve self-trace only when
> >>    HTTPS is being used.  The assumption here is that when HTTPS is being
> >>    used, end-clients are directly connected to the server.
>
> > I'm not sure that's a reasonable assumption; enterprise MITM proxies
> > are pretty widely deployed. They may not currently implement h2 or
> > h3, but that's not something we can rely upon.
>
>
> In fact, there are enterprise MITM proxies that inspect H2 already -- we
> have been helping to test them for a few years now. I do not know about
> H3 because Web Polygraph does not support H3 yet.
>
>
> Cheers,
>
> Alex.
>
>
> >> On 13 Aug 2021, at 4:14 pm, Kazuho Oku <kazuhooku@gmail.com> wrote:
> >>
> >> Hello folks,
> >>
> >> Today Jana and I have submitted a tiny I-D called
> draft-kazuho-httpbis-selftrace.
> >>
> >> The draft specifies a well-known URI to be used for providing a trace
> of a particular HTTP/3 connection (e.g., qlog) on that same HTTP/3
> connection.
> >>
> >> One of the biggest hurdles in analyzing HTTP/3 performance issues is
> obtaining traces that show the symptoms. That is because clients being
> affected by issues have to coordinate with the server operators to collect
> the traces.
> >>
> >> This PR solves the problem by defining a well-known URI for serving a
> trace to the client on the HTTP connection that the client is using. When a
> user sees an issue, they can collect the traces themselves and provide it
> to the server operator.
> >>
> >> We have already implemented the feature in h2o, and doing so was easy,
> assuming that the underlying QUIC stack already defines callbacks for
> collecting trace events, see lib/handler/self_trace.c of
> https://github.com/h2o/h2o/pull/2765.
> >>
> >> We also have a public endpoint; to try it out, first open
> https://ora1.kazuhooku.com/test/self-trace/video-only.html (which starts
> streaming a video), then open
> https://ora1.kazuhooku.com/.well-known/self-trace. While the video is
> being served, you would see the trace flowing through the well-known URI.
> >>
> >> At the moment, we are using a custom JSON format for the trace, but
> when gzip compression is applied on-the-fly, the overhead of sending a
> trace alongside ordinary HTTP responses is less than 10%. Therefore, we
> tend to believe that this approach would work well in practice.
> >>
> >> Please let us know what you think - your feedback is very welcome.
> >>
> >> ---------- Forwarded message ---------
> >> From: <internet-drafts@ietf.org>
> >> Date: 2021年8月13日(金) 14:53
> >> Subject: New Version Notification for
> draft-kazuho-httpbis-selftrace-00.txt
> >> To: Jana Iyengar <jri.ietf@gmail.com>, Kazuho Oku <kazuhooku@gmail.com>
> >>
> >>
> >>
> >> A new version of I-D, draft-kazuho-httpbis-selftrace-00.txt
> >> has been successfully submitted by Kazuho Oku and posted to the
> >> IETF repository.
> >>
> >> Name:           draft-kazuho-httpbis-selftrace
> >> Revision:       00
> >> Title:          Self-Tracing for HTTP
> >> Document date:  2021-08-13
> >> Group:          Individual Submission
> >> Pages:          5
> >> URL:
> https://www.ietf.org/archive/id/draft-kazuho-httpbis-selftrace-00.txt
> >> Status:
> https://datatracker.ietf.org/doc/draft-kazuho-httpbis-selftrace/
> >> Htmlized:
> https://datatracker.ietf.org/doc/html/draft-kazuho-httpbis-selftrace
> >>
> >>
> >> Abstract:
> >>    This document registers a "Well-Known URI" for exposing state of an
> >>    HTTP connection to the peer using formats such as qlog schema [QLOG].
> >>
> >>
> >>
> >>
> >> The IETF Secretariat
> >>
> >>
> >>
> >>
> >> --
> >> Kazuho Oku
> >
> > --
> > Mark Nottingham   https://www.mnot.net/
> >
>
>

-- 
Kazuho Oku

v2.23.0 | Report a Bug | By Email