Re: [TLS] Application-Layer Protocol Settings
Lucas Pardue <lucaspardue.24.7@gmail.com> Mon, 20 July 2020 21:03 UTC
Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3AD3D3A0F8F for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 20 Jul 2020 14:03:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.018
X-Spam-Level:
X-Spam-Status: No, score=-3.018 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NS4OjnVDS-lT for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 20 Jul 2020 14:03:53 -0700 (PDT)
Received: from lyra.w3.org (lyra.w3.org [128.30.52.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E8E1B3A0F8C for <httpbisa-archive-bis2Juki@lists.ietf.org>; Mon, 20 Jul 2020 14:03:52 -0700 (PDT)
Received: from lists by lyra.w3.org with local (Exim 4.92) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1jxcuK-0001m9-NN for ietf-http-wg-dist@listhub.w3.org; Mon, 20 Jul 2020 21:01:08 +0000
Resent-Date: Mon, 20 Jul 2020 21:01:08 +0000
Resent-Message-Id: <E1jxcuK-0001m9-NN@lyra.w3.org>
Received: from titan.w3.org ([128.30.52.76]) by lyra.w3.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <lucaspardue.24.7@gmail.com>) id 1jxcuJ-0001lO-HM for ietf-http-wg@listhub.w3.org; Mon, 20 Jul 2020 21:01:07 +0000
Received: from mail-wm1-x330.google.com ([2a00:1450:4864:20::330]) by titan.w3.org with esmtps (TLS1.3:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.92) (envelope-from <lucaspardue.24.7@gmail.com>) id 1jxcuH-0001K6-Nt for ietf-http-wg@w3.org; Mon, 20 Jul 2020 21:01:07 +0000
Received: by mail-wm1-x330.google.com with SMTP id o8so787446wmh.4 for <ietf-http-wg@w3.org>; Mon, 20 Jul 2020 14:01:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=1Sum2hAaARDzUflC3+6o8/CVvM+iqsdqXyL02Ze5PXo=; b=qOqMpzubsQiUgacz/8rb4XU70A9od8ZYkw/bBeQ+O9TSRiMK1aZ35RjkaFN0iEN0yr 5SwHolWvm+3Vwlyz0FKq+oc5LLR+PGPUgtxfkYdqKlG36xU05DzG8RKk0B9wx/ZSczf5 xkfRVd5C3QZVuj3h0KslkFis87Fs61OfUYBEUbIhhRV+hQfu8LuxWJmZ2Pz2JXUr1pgI rZ9YKWtJ2hYEpHunx/rdF7Kp2xbw2GYkitqrift5neZB+8lA4LWWcbKbcoJua7nHXDNQ 9EtRWV1e+Fmuhm/X3zjNo+n3AN6bO+kkJ2B4ZAzGBL0980Bilm/sPtFFzPc8K9YWKrl+ CaOw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=1Sum2hAaARDzUflC3+6o8/CVvM+iqsdqXyL02Ze5PXo=; b=ExufUEkaBGkfha8/ZVaDaMeOb8uRoXZ4t71dmC7H72+QnTotji5j1SVv2qWLiYBF3C cZIlWiSmJ0Ogyu+EEM5UcW6grSxSb7GH7jVd4XajhI7vN3K9qPABc/LDSYLBpU1jwzS4 G3izzfwsCqt2V8yOE6Mh8FLioeNK8cNohPebvJZQ5QM2VOIgxO6o7BVvl99RCw5LC24O NIQhCaWENcWZ/s1UYrZFF5xwENvIrcwiBjiK+kvKJHsWdjD+5lRCGVWXpQ0eweYYiMfT uObS0mDymsw2rorDD8MiE7gw1AvFGOWvC7aUi+gjTmMwqVgz5fdE2Jg8Nbl1/oiQLzvI 9Nww==
X-Gm-Message-State: AOAM531YglR/Z2G5uvv/9tgM81hSTBytU/ruAe67WrWahu+AO0NIbYAl UYuE745nFr4cVzTIF0gPuJkPAtuBJzwcVkOe2mE=
X-Google-Smtp-Source: ABdhPJzfXwHgtiMFS1DSMX5PzFWl6QaK8IhsDOS975V+E1VUie1vUmSJWhQjiC9ihCRnz5cfbYWDpyckg90eQmwMW7c=
X-Received: by 2002:a1c:6788:: with SMTP id b130mr1056554wmc.100.1595278854297; Mon, 20 Jul 2020 14:00:54 -0700 (PDT)
MIME-Version: 1.0
References: <CAAZdMaf2dKab0dJU8MLZc9JzEcVSvf8s9kgeZFo3tmsRtx2sNQ@mail.gmail.com> <374ebd02-c3f6-4124-a1e9-c2f4a17e6c54@www.fastmail.com> <CAAZdMacsDdcZCcS1yLSQwO3rbhnh8AVkgZHrt+A+KDKKaYWO7g@mail.gmail.com> <d9201e80-19b9-4854-9655-10935414143c@www.fastmail.com> <CALGR9obNTmDLKHrYMncKb7-aMSOnvS8H=Vu0Wjg1PgEk+U993A@mail.gmail.com> <CAAZdMaeRuytb=hDSXOjxZiMBct5kzY4sZ41bRZLmChEPvFLJjA@mail.gmail.com> <CAF8qwaByEJ4g7gqfg4q1EC=6zC7H2gqxZAhWTWtt+K7Fv-nWUw@mail.gmail.com>
In-Reply-To: <CAF8qwaByEJ4g7gqfg4q1EC=6zC7H2gqxZAhWTWtt+K7Fv-nWUw@mail.gmail.com>
From: Lucas Pardue <lucaspardue.24.7@gmail.com>
Date: Mon, 20 Jul 2020 22:00:48 +0100
Message-ID: <CALGR9oaiygX0t_1R3LUEbUVaj1Gijt_fjgVQ46WU=xmF2c1eVA@mail.gmail.com>
To: David Benjamin <davidben@chromium.org>
Cc: Victor Vasiliev <vasilvv=40google.com@dmarc.ietf.org>, "tls@ietf.org" <tls@ietf.org>, HTTP Working Group <ietf-http-wg@w3.org>
Content-Type: multipart/alternative; boundary="0000000000006d9ace05aae5cd11"
Received-SPF: pass client-ip=2a00:1450:4864:20::330; envelope-from=lucaspardue.24.7@gmail.com; helo=mail-wm1-x330.google.com
X-W3C-Hub-Spam-Status: No, score=-7.8
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, W3C_AA=-1, W3C_IRA=-1, W3C_IRR=-3, W3C_WL=-1
X-W3C-Scan-Sig: titan.w3.org 1jxcuH-0001K6-Nt d1a8ed2a1fb5ec6129e7ff9cbd1ddea3
X-Original-To: ietf-http-wg@w3.org
Subject: Re: [TLS] Application-Layer Protocol Settings
Archived-At: <https://www.w3.org/mid/CALGR9oaiygX0t_1R3LUEbUVaj1Gijt_fjgVQ46WU=xmF2c1eVA@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/37896
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
On Mon, 20 Jul 2020, 21:38 David Benjamin, <davidben@chromium.org> wrote: > On Mon, Jul 20, 2020 at 3:33 PM Victor Vasiliev <vasilvv= > 40google.com@dmarc.ietf.org> wrote: > >> On Mon, Jul 20, 2020 at 3:10 PM Lucas Pardue <lucaspardue.24.7@gmail.com> >> wrote: >> >>> Hi Victor, >>> >>> It seems my brain skipped over "ALPS in HTTPS" [1] when you mentioned in >>> your original email. I was reading it in the context of David Benjamin's >>> thread on Client Hint Reliability [2]. There's a couple of things that >>> surprised me when reading both drafts: >>> >>> 1. ALPS in HTTPS actually supports more than just exchanging Settings >>> Parameters, it can actually hold a series of frames. It's just that ALPS >>> only defines SETTINGS to be allowed, and Client Hints Reliability wants to >>> add more in the shape of a new ACCEPT_CH frame. I'm not sure I like the >>> idea of supporting any old frame in the TLS handshake, SETTINGS are at >>> least reasoned about in terms of how they are remembered for the purposes >>> of 0-RTT. >>> >> >> It explicitly bans all existing frames that are not SETTINGS. The >> problem here is that SETTINGS only supports integral values, so we'd be >> limited to those if we make ALPS just SETTINGS. >> > > Right, concretely there is an "Allowed in ALPS" column added by Victor's > ALPS document, which my document sets for the new frame. Old frames weren't > designed with ALPS in mind, so the ALPS document needs to make a decision. > New frames can reason about the implications of opting into ALPS and do so. > > As Victor notes, it's only a new frame because we got SETTINGS values > wrong and, per earlier discussion, the extension point we currently have is > new frames. If we want something even more restrictive, we could instead > revive draft-bishop-httpbis-extended-settings, say only SETTINGS and > EXTENDED_SETTINGS are allowed, and close it there. But I think the new > column works fine and matches how this sort of thing usually works. > That makes sense but I guess I don't see the point in defining a new thing that contains frames that are never sent on streams. That is, if these are connection settings, just send the payload. Unframed extended settings might get you there, if you can find a way to encapsulate conventional settings inside them, then all the better. Cheers Lucas /tls <https://www.ietf.org/mailman/listinfo/tls> >> >
- Application-Layer Protocol Settings Victor Vasiliev
- Re: [TLS] Application-Layer Protocol Settings Ben Schwartz
- Re: [TLS] Application-Layer Protocol Settings Martin Thomson
- Re: [TLS] Application-Layer Protocol Settings Ilari Liusvaara
- Re: [TLS] Application-Layer Protocol Settings David Benjamin
- Re: [TLS] Application-Layer Protocol Settings David Benjamin
- Re: [TLS] Application-Layer Protocol Settings Ben Schwartz
- Re: [TLS] Application-Layer Protocol Settings David Benjamin
- Re: [TLS] Application-Layer Protocol Settings Martin Thomson
- Re: [TLS] Application-Layer Protocol Settings Victor Vasiliev
- Re: [TLS] Application-Layer Protocol Settings Martin Thomson
- Re: [TLS] Application-Layer Protocol Settings Lucas Pardue
- Re: [TLS] Application-Layer Protocol Settings Victor Vasiliev
- Re: [TLS] Application-Layer Protocol Settings David Benjamin
- Re: [TLS] Application-Layer Protocol Settings Lucas Pardue
- Re: [TLS] Application-Layer Protocol Settings David Benjamin
- Re: [TLS] Application-Layer Protocol Settings Lucas Pardue
- Re: [TLS] Application-Layer Protocol Settings David Benjamin
- Re: [TLS] Application-Layer Protocol Settings Victor Vasiliev
- Re: [TLS] Application-Layer Protocol Settings David Benjamin
- Re: [TLS] Application-Layer Protocol Settings Lucas Pardue