IETF Logo Mail Archive

Re: WGLC for draft-ietf-httpbis-connect-tcp

Tommy Pauly <tpauly@apple.com> Thu, 07 March 2024 17:23 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=ietf.org@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1C589C151986 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Thu, 7 Mar 2024 09:23:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.855
X-Spam-Level:
X-Spam-Status: No, score=-2.855 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=w3.org header.b="gv9PFhm4"; dkim=pass (2048-bit key) header.d=w3.org header.b="dXVSzfHO"; dkim=pass (2048-bit key) header.d=apple.com header.b="xBdZUGAO"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nO6x3s6F12nv for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Thu, 7 Mar 2024 09:23:41 -0800 (PST)
Received: from lyra.w3.org (lyra.w3.org [128.30.52.18]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BDF7EC180B6D for <httpbisa-archive-bis2Juki@ietf.org>; Thu, 7 Mar 2024 09:23:41 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=w3.org; s=s1; h=Subject:References:To:Cc:In-reply-to:Date:MIME-version:Content-type: Message-id:From:Reply-To; bh=0vrxJL8cuiUv8GUgLuQBH59e5f6gSLohLewhhX2A8L0=; b= gv9PFhm4Z82G49phvp5kwlyx/Sz9VLWkt++sAHOPx2lh0Mde0OdHHz088yucvn0oIpQ05bLVP2OtB 5+1/VItmHVUm/7sxPDD+ixbefJTaUdE+LP+XKIIQbCa1f9guu2lxlU0s8df6vB6gnKBHgLY0J7tQX jQRFJ6JQSExV1uDB4EB1+hr65wQ70F0tRe3wc479KT2JCoQ+UPXcRIRpamBXavUzmb9SP0kVq2Ejj s7d4gzcZ7zQnW9VbquBzjpqdlqbcYnVWL8Fj8VV9PohvKpYu1VuwP4uFGYXXo7a9ZBYh5M3BXNRfO AdGlekEcPHwvXKutuYEdrPkk+jYUdWq5Mg==;
Received: from lists by lyra.w3.org with local (Exim 4.94.2) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1riHSq-008rTN-8Z for ietf-http-wg-dist@listhub.w3.org; Thu, 07 Mar 2024 17:23:28 +0000
Resent-Date: Thu, 07 Mar 2024 17:23:28 +0000
Resent-Message-Id: <E1riHSq-008rTN-8Z@lyra.w3.org>
Received: from puck.w3.org ([34.196.82.207]) by lyra.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <tpauly@apple.com>) id 1riHSo-008rSK-LG for ietf-http-wg@listhub.w3.org; Thu, 07 Mar 2024 17:23:26 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=w3.org; s=s1; h=References:To:Cc:In-reply-to:Date:Subject:MIME-version:Content-type: Message-id:From:Reply-To; bh=0vrxJL8cuiUv8GUgLuQBH59e5f6gSLohLewhhX2A8L0=; t=1709832206; x=1710696206; b=dXVSzfHOlvL1+lbYOQl3j/9qzOJSTgRfb5wnZRHT1cJtKAy ugE1CDIvWI4fmr7q2hD/5VQUgmPgRsEfsO96LM9HlptplBb+u/N7aIhg+rU0sqkANCh5BScE4hZuK HHf8P5i4WZWD9zIuUe31kCj1M+DehU5CvS/kU0XK2Lx4yaTErGiYNb4mlTDOdHOseCBr9Ia0Kw9BQ mF8leb+EWysZEMUKDXOr6vssB0P2XttH6N5Zwy6rSyo5H74gn/755o3vTM8hovS9VJBBJ2y3kwvaV DzpQTXTW3eoOGWX7zevxHgFfOpj3bZRy6Pbbj56+E+hG55/g8rR6M7Vj/qXme5yg==;
Received-SPF: pass (puck.w3.org: domain of apple.com designates 17.32.222.23 as permitted sender) client-ip=17.32.222.23; envelope-from=tpauly@apple.com; helo=ma-mailsvcp-mx-lapp02.apple.com;
Received: from ma-mailsvcp-mx-lapp02.apple.com ([17.32.222.23]) by puck.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.96) (envelope-from <tpauly@apple.com>) id 1riHSn-005cyi-2v for ietf-http-wg@w3.org; Thu, 07 Mar 2024 17:23:26 +0000
Received: from rn-mailsvcp-mta-lapp03.rno.apple.com (rn-mailsvcp-mta-lapp03.rno.apple.com [10.225.203.151]) by ma-mailsvcp-mx-lapp02.apple.com (Oracle Communications Messaging Server 8.1.0.23.20230328 64bit (built Mar 28 2023)) with ESMTPS id <0S9Z00YE3MYWCD10@ma-mailsvcp-mx-lapp02.apple.com> for ietf-http-wg@w3.org; Thu, 07 Mar 2024 09:23:22 -0800 (PST)
X-Proofpoint-GUID: GKMph7146eGtIBfo3kBtNObTMxjBmhp2
X-Proofpoint-ORIG-GUID: GKMph7146eGtIBfo3kBtNObTMxjBmhp2
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-07_14,2024-03-06_01,2023-05-22_02
X-Proofpoint-Spam-Details: rule=interactive_user_notspam policy=interactive_user score=0 malwarescore=0 spamscore=0 bulkscore=0 suspectscore=0 mlxlogscore=999 mlxscore=0 adultscore=0 phishscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2311290000 definitions=main-2403070118
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=apple.com; h=from : message-id : content-type : mime-version : subject : date : in-reply-to : cc : to : references; s=20180706; bh=0vrxJL8cuiUv8GUgLuQBH59e5f6gSLohLewhhX2A8L0=; b=xBdZUGAOsHuT6hW6VON2dTOwwjyJ7difDe3XZzstjrrZ2dzKWexT33PM0eyXky0HDnva a80is4WH/diqvPc02nK8RDReZ30MSANOrNVBcqCSt2LC+txAlzXP/iuQiVSVR6hQd9m8 1u3LjHWgvU1B2YMxn4Ur+ImGS9HsGVqyK5DNV3y41o7UHi8ArAnG3V9EzQP3aYk8/CX+ OfMDKg/1p2BDc23aEdpXrn1icCBOU7ltpGaYd8RxKl18qEohM25nwmilBWbq3KZL4wQg Ztn4gpPLBFKE9+2V5d5PZZ9FE0/XzeoCCk+6e/ZRS7gH8xSLLMXDWKJmlAy9NQBK0VxG AA==
Received: from rn-mailsvcp-mmp-lapp02.rno.apple.com (rn-mailsvcp-mmp-lapp02.rno.apple.com [17.179.253.15]) by rn-mailsvcp-mta-lapp03.rno.apple.com (Oracle Communications Messaging Server 8.1.0.23.20230328 64bit (built Mar 28 2023)) with ESMTPS id <0S9Z00N6VMYX6SH0@rn-mailsvcp-mta-lapp03.rno.apple.com>; Thu, 07 Mar 2024 09:23:21 -0800 (PST)
Received: from process_milters-daemon.rn-mailsvcp-mmp-lapp02.rno.apple.com by rn-mailsvcp-mmp-lapp02.rno.apple.com (Oracle Communications Messaging Server 8.1.0.23.20230328 64bit (built Mar 28 2023)) id <0S9Z00J00MNRZH00@rn-mailsvcp-mmp-lapp02.rno.apple.com>; Thu, 07 Mar 2024 09:23:21 -0800 (PST)
X-Va-A:
X-Va-T-CD: 158140aa57b268c5a5a04ad7e5bcdcb9
X-Va-E-CD: c9bd4101e6b9c7970cf18ac1d952aca8
X-Va-R-CD: 07c6ebd6c62e25bf0ecdfba5c6b0180d
X-Va-ID: f622847e-a44a-41d7-9e81-b24a42a7223b
X-Va-CD: 0
X-V-A:
X-V-T-CD: 158140aa57b268c5a5a04ad7e5bcdcb9
X-V-E-CD: c9bd4101e6b9c7970cf18ac1d952aca8
X-V-R-CD: 07c6ebd6c62e25bf0ecdfba5c6b0180d
X-V-ID: 0a593ea2-da0c-4b7c-81e7-8a257732e148
X-V-CD: 0
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-07_14,2024-03-06_01,2023-05-22_02
Received: from smtpclient.apple ([17.11.55.244]) by rn-mailsvcp-mmp-lapp02.rno.apple.com (Oracle Communications Messaging Server 8.1.0.23.20230328 64bit (built Mar 28 2023)) with ESMTPSA id <0S9Z00T5HMYW1600@rn-mailsvcp-mmp-lapp02.rno.apple.com>; Thu, 07 Mar 2024 09:23:20 -0800 (PST)
From: Tommy Pauly <tpauly@apple.com>
Message-id: <5ACFB8D4-8B0F-48B2-83B0-896F9EB5615E@apple.com>
Content-type: multipart/alternative; boundary="Apple-Mail=_66BC45AE-9CB1-4EE7-99D9-054325670F4F"
MIME-version: 1.0 (Mac OS X Mail 16.0 \(3774.500.171.1.1\))
Date: Thu, 07 Mar 2024 09:23:10 -0800
In-reply-to: <CALGR9oYV6qUFyh+tSo7BbuiEUSUQwDU4hauFjMTiMozCD=AeSA@mail.gmail.com>
Cc: David Schinazi <dschinazi.ietf@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>
To: Lucas Pardue <lucaspardue.24.7@gmail.com>, Ben Schwartz <bemasc@meta.com>
References: <7228A073-F867-4007-BB44-0AA547455539@apple.com> <CAPDSy+5ETu3BeA-0defYYKhLhMZ9f6UE=boxAp7aFwh-RTi9xw@mail.gmail.com> <SA1PR15MB437034E91B1959A206D82482B3792@SA1PR15MB4370.namprd15.prod.outlook.com> <0489428B-16E4-42AF-8224-9054122DD41A@apple.com> <662ECDC0-3B90-443F-BD0F-AF340FD7FEED@meta.com> <CAPDSy+7TEseyJv5TO0BLrdRBpGvjGLOeEqSbZW4JN8xir5c1tg@mail.gmail.com> <8A616C9D-496D-4730-938D-A9BDB1CEBC48@meta.com> <CAPDSy+7Lo0KkeYNsUdbsjoaoN3Dc_pCGabHSuXGXtt31a_Ungg@mail.gmail.com> <4CFF195E-5D02-414D-9C08-A7647CD7A2D0@apple.com> <CAPDSy+6FZ2VDy0AbfMEHOYNmn9oLix2LfGYkKmcLRQTPiskccg@mail.gmail.com> <CALGR9ob0BRCAqxSYsUmuAxQBUfy=RWwUfrt2Ndwnzjko7ar9NQ@mail.gmail.com> <SA1PR15MB4370403D574E866985DFDEC7B3202@SA1PR15MB4370.namprd15.prod.outlook.com> <CALGR9oYV6qUFyh+tSo7BbuiEUSUQwDU4hauFjMTiMozCD=AeSA@mail.gmail.com>
X-Mailer: Apple Mail (2.3774.500.171.1.1)
X-W3C-Hub-DKIM-Status: validation passed: (address=tpauly@apple.com domain=apple.com), signature is good
X-W3C-Hub-Spam-Status: No, score=-9.7
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.583, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, DMARC_PASS=-0.001, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, W3C_AA=-1, W3C_DB=-1, W3C_IRA=-1, W3C_IRR=-3, W3C_WL=-1
X-W3C-Scan-Sig: puck.w3.org 1riHSn-005cyi-2v ea1afc3b4f536e5db02f838c3b39ff4b
X-Original-To: ietf-http-wg@w3.org
Subject: Re: WGLC for draft-ietf-httpbis-connect-tcp
Archived-At: <https://www.w3.org/mid/5ACFB8D4-8B0F-48B2-83B0-896F9EB5615E@apple.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/51869
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/email/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

Agreed that we don’t necessarily need to have the details of capsules here, but it might be good to mention it or explain how it would work. If someone does add the Capsule-Protocol header to a connect-tcp request, should we say that servers should reject it (until we have a well-defined behavior for capsules)? Although at that point, I’d wonder if it’s actually a relatively small section to add to define what the capsules mean…

Tommy

> On Mar 7, 2024, at 9:18 AM, Lucas Pardue <lucaspardue.24.7@gmail.com> wrote:
> 
> Hey,
> 
> On Thu, 7 Mar 2024, 17:00 Ben Schwartz, <bemasc@meta.com <mailto:bemasc@meta.com>> wrote:
>> I don't think it makes sense to add a dependency on the Capsule Protocol here, given the significant additional complexity and (at present) zero added value.  If the Capsule Protocol becomes relevant, future implementations can negotiate it via the Capsule-Protocol header field.
>> 
>> As an example of the complexity, note that all uses of the Capsule Protocol to date are "atomic": each capsule is expected to be buffered and processed as a whole.  In this thread we've heard proposals to introduce new capsule types that the recipient must process in "streaming" fashion.  This mix of atomic and streaming capsules is a new wrinkle in the Capsule Protocol.
> 
> 
> FWIW the capsule protocol spec highlights this and normatively recommends streaming https://datatracker.ietf.org/doc/html/rfc9297#section-3.2-12. 
> Whether implementations do or don't is an implementation matter. Intermediaries that don't processes datagrams would not benefit from buffering them. That might have influenced capsule implementations, a survey would be useful.
> 
> H2 and H3 implementations already have to deal with streaming of frames. I dont think streaming capsules would add much complexity for them.
> 
> I do agree a capsule based connect-tcp could be added as a separate extension mode. I don't have much strong opinion on whether we do it that way, or by default.
> 
> Cheers
> Lucas
> 
>> 
>> Regarding multiple IPs: adding this capability later is difficult because we do not have a well-defined extension mechanism (unless we are willing to derive capabilities from the template's variable names).  The extensibility problem also applies when considering retrofitting this capability to Connect-UDP (in addition to some other problems specific to UDP).
>> 
>> --Ben
>> From: Lucas Pardue <lucaspardue.24.7@gmail.com <mailto:lucaspardue.24.7@gmail.com>>
>> Sent: Wednesday, March 6, 2024 6:32 PM
>> To: David Schinazi <dschinazi.ietf@gmail.com <mailto:dschinazi.ietf@gmail.com>>
>> Cc: Tommy Pauly <tpauly@apple.com <mailto:tpauly@apple.com>>; Ben Schwartz <bemasc@meta.com <mailto:bemasc@meta.com>>; HTTP Working Group <ietf-http-wg@w3.org <mailto:ietf-http-wg@w3.org>>
>> Subject: Re: WGLC for draft-ietf-httpbis-connect-tcp
>>  
>> 
>> 
>> On Wed, 6 Mar 2024, 23:15 David Schinazi, <dschinazi.ietf@gmail.com <mailto:dschinazi.ietf@gmail.com>> wrote:
>> First, to respond to Tommy's chair comment about WGLC: I absolutely agree this needs more review. Additionally, I think we should wait for implementation experience before sending it to the IESG.
>> 
>> Now, to respond to Tommy's technical points as individual:
>> 
>> When we originally developed the capsule protocol, I was worried about the consequences of taking over the data stream. Luckily, there's a straightforward solution: we define a DATA capsule - the semantics of all DATA capsules is that they are concatenated to create the DATA stream. That would allow us to have message content ("body") with methods that rely on the capsule protocol.
>> 
>> I hadn't really thought about it in the context of connect-tcp, but I like that idea. We could say that connect-tcp always uses the capsule protocol, and then uses DATA capsules to encode the CONNECT/TCP bytestream. It's a little bit more code on the receiver, and pretty much none on the sender (just send a DATA capsule with length=2^61).
>> 
>> I think what you're saying is DATA capsules could be used to provide agility in whether implementations interleave Capsules or not. 
>> 
>> A common concern I hear is that any level of framing risks losing an ability to "splice" the post-CONNECT data stream onto a consumer. That reduces performance compared to classic CONNECT. I think using a large DATA capsule adds trivial overhead before deciding if a splice is OK or not - implementations already have to read HEADERS before switching to that mode.
>> 
>> The nice property of allowing other capsules before switching into a large DATA, is that it could allow for custom capsule types to exchange metadata that doesn't fit well in CONNECT-associated headers. For instance, some binary blob that is larger than typical header size limits on the Internet. 
>> 
>> Cheers
>> Lucas

v2.23.0 | Report a Bug | By Email