Stephen Farrell's No Objection on draft-ietf-httpbis-tunnel-protocol-05: (with COMMENT)

"Stephen Farrell" <stephen.farrell@cs.tcd.ie> Mon, 29 June 2015 16:02 UTC

From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
To: The IESG <iesg@ietf.org>
Cc: httpbis-chairs@ietf.org, mnot@mnot.net, draft-ietf-httpbis-tunnel-protocol.shepherd@ietf.org, draft-ietf-httpbis-tunnel-protocol.ad@ietf.org, draft-ietf-httpbis-tunnel-protocol@ietf.org, ietf-http-wg@w3.org
Message-ID: <20150629155658.26582.74856.idtracker@ietfa.amsl.com>
Date: Mon, 29 Jun 2015 08:56:58 -0700
Archived-At: <http://www.w3.org/mid/20150629155658.26582.74856.idtracker@ietfa.amsl.com>

Stephen Farrell has entered the following ballot position for
draft-ietf-httpbis-tunnel-protocol-05: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-httpbis-tunnel-protocol/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Thanks for handling my discuss. 

--- OLD COMMENTS below, I didn't check 'em.

- I can see situations where I might want to not tell the proxy
what protocol I'll be using inside TLS and when TLS1.3 hides
ALPN from the proxy (I hope:-) then could there be value
registering a "I'm not telling" ALPN value so that a UA
wouldn't have to lie to the proxy?

- I think you ought say what you expect a proxy to do if the
ALPN header field and the ALPN TLS extension value do not match
and I think that ought say that a CONNECT recipient in such
cases SHOULD NOT drop the connection solely on that basis.  If
they have some policy about it fine, but they shouldn't barf
just because there's a different order or spelling or just a
different value.

- Replicating values at multiple protocol layers produces a
common failure mode where code only uses one copy to do access
control or authorization or where two nodes in sequence use
different copies, with unexpected behaviour resulting. I think
you should call that out in the security considerations section
as it keeps happening.
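
Added example, not part of the original message or of the draft: a sketch of the consistency check the second and third comments point at, comparing the ALPN header field on a CONNECT request with the protocol list in the TLS ALPN extension and reporting the difference as policy input rather than as grounds to drop the tunnel. It assumes the header value is a comma-separated, percent-encoded list and that the proxy can see the extension bytes; the function names and the sample bytes are constructed for illustration.

```python
from urllib.parse import unquote_to_bytes


def parse_alpn_header(value: str) -> list[bytes]:
    """Split the CONNECT ALPN header field value and percent-decode each id."""
    return [unquote_to_bytes(tok.strip()) for tok in value.split(",") if tok.strip()]


def parse_alpn_extension(data: bytes) -> list[bytes]:
    """Parse ALPN extension_data: u16 list length, then u8-length-prefixed names."""
    if len(data) < 2 or int.from_bytes(data[:2], "big") != len(data) - 2:
        raise ValueError("malformed ALPN protocol list length")
    names, pos = [], 2
    while pos < len(data):
        n = data[pos]
        pos += 1
        if n == 0 or pos + n > len(data):
            raise ValueError("malformed ALPN protocol name")
        names.append(data[pos:pos + n])
        pos += n
    return names


def compare_alpn(header_value: str, extension_data: bytes) -> dict:
    """Compare both copies; the result is for logging/policy, not an automatic drop."""
    hdr = parse_alpn_header(header_value)
    ext = parse_alpn_extension(extension_data)
    if hdr == ext:
        verdict = "match"
    elif set(hdr) == set(ext):
        verdict = "reordered"      # same ids, different preference order
    else:
        verdict = "mismatch"
    return {
        "verdict": verdict,
        "header_only": sorted(set(hdr) - set(ext)),
        "tls_only": sorted(set(ext) - set(hdr)),
        # Record both copies so later access-control code cannot silently
        # rely on a different copy than the one that was checked here.
        "header": hdr,
        "tls": ext,
    }


# Constructed sample: extension_data advertising "h2" then "http/1.1".
SAMPLE_EXT = b"\x00\x0c\x02h2\x08http/1.1"

if __name__ == "__main__":
    for header in ("h2, http%2F1.1", "http%2F1.1, h2", "h2"):
        print(header, "->", compare_alpn(header, SAMPLE_EXT)["verdict"])
```
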