Re: HTTPS 2.0 without TLS extension?
Zhong Yu <zhong.j.yu@gmail.com> Fri, 26 July 2013 00:23 UTC
Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 700E621F8E97 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Thu, 25 Jul 2013 17:23:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.766
X-Spam-Level:
X-Spam-Status: No, score=-9.766 tagged_above=-999 required=5 tests=[AWL=0.233, BAYES_00=-2.599, J_CHICKENPOX_37=0.6, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3guYVmRd94BX for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Thu, 25 Jul 2013 17:23:43 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) by ietfa.amsl.com (Postfix) with ESMTP id 7630121F8DA3 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Thu, 25 Jul 2013 17:23:43 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.72) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1V2VnP-00018B-0v for ietf-http-wg-dist@listhub.w3.org; Fri, 26 Jul 2013 00:22:11 +0000
Resent-Date: Fri, 26 Jul 2013 00:22:11 +0000
Resent-Message-Id: <E1V2VnP-00018B-0v@frink.w3.org>
Received: from lisa.w3.org ([128.30.52.41]) by frink.w3.org with esmtp (Exim 4.72) (envelope-from <zhong.j.yu@gmail.com>) id 1V2VnD-00016M-SP for ietf-http-wg@listhub.w3.org; Fri, 26 Jul 2013 00:21:59 +0000
Received: from mail-oa0-f47.google.com ([209.85.219.47]) by lisa.w3.org with esmtps (TLS1.0:RSA_ARCFOUR_SHA1:16) (Exim 4.72) (envelope-from <zhong.j.yu@gmail.com>) id 1V2VnD-0000Tz-4P for ietf-http-wg@w3.org; Fri, 26 Jul 2013 00:21:59 +0000
Received: by mail-oa0-f47.google.com with SMTP id m1so5902241oag.6 for <ietf-http-wg@w3.org>; Thu, 25 Jul 2013 17:21:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=UnD8SoAuN4N0quj7MQ67wATLBZgqGPwDM2bm2WhOj6w=; b=gBHUZEwIOq9KdhnRVovqkVFsC3q/X4V8ozZEl0f4nLd7yuUjtJ+TfcLHPbQqhG/XJe ph/Y1mMrJ/WqCcDGTgzDTE96bkONEznt0T8WENKSXTRCQJZe43UGFB9eKedQXefR5tnz 97W+ZuXOK21+YfDdgkfvx89enAQvUPqWa2pa4KP58JZvNr/W+tZerkFkIsb1tXMMsFqG 79O8P35qQGieRjR2E2hVWyOCByTucdLdRBPxAI/5ck3AcEmBbJ42dh4/ycp1CxbomUrx 73hrmEQjR5pnmrjjff888JEmVbP37eBMWhccnh6KZxPAkOn6FTHv4G4dhyOL4Hxw2RqI n3dA==
MIME-Version: 1.0
X-Received: by 10.60.76.6 with SMTP id g6mr28785715oew.52.1374798093032; Thu, 25 Jul 2013 17:21:33 -0700 (PDT)
Received: by 10.76.180.106 with HTTP; Thu, 25 Jul 2013 17:21:32 -0700 (PDT)
In-Reply-To: <CABkgnnWHCWzxUyLTF_EqudYSa3xcsSp1vcF9oukJTc7fQgXktA@mail.gmail.com>
References: <CACuKZqEBAqXs-cQF1U-g3npaXGR0LEoXZYxDv-3a+ftn-YG=_g@mail.gmail.com> <CAA4WUYjS=JXYAYKe0ueqUFbdEUC3pM8xuj--b=F=WPgnSc9xYg@mail.gmail.com> <CACuKZqGjYtmkFBEEDX+s=n=_15frt+qoQws4TWgiDEijBE+Mow@mail.gmail.com> <CACuKZqHJ-x3Q69Uvtoj4C1TGy4F+PeUyqzbdUxEUVZOVr2KEnA@mail.gmail.com> <CAA4WUYiA5A2pnqMOrntb-B_uGQRBAGeaAAf8ELtBmHhCzan63Q@mail.gmail.com> <CABkgnnWHCWzxUyLTF_EqudYSa3xcsSp1vcF9oukJTc7fQgXktA@mail.gmail.com>
Date: Thu, 25 Jul 2013 19:21:32 -0500
Message-ID: <CACuKZqGou7te9QSV_0LrmjnJOzjxXRurt0b1tTMwrJSoMH-Nrw@mail.gmail.com>
From: Zhong Yu <zhong.j.yu@gmail.com>
To: Martin Thomson <martin.thomson@gmail.com>
Cc: "William Chan (陈智昌)" <willchan@chromium.org>, HTTP Working Group <ietf-http-wg@w3.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass client-ip=209.85.219.47; envelope-from=zhong.j.yu@gmail.com; helo=mail-oa0-f47.google.com
X-W3C-Hub-Spam-Status: No, score=-3.5
X-W3C-Hub-Spam-Report: AWL=-2.667, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001
X-W3C-Scan-Sig: lisa.w3.org 1V2VnD-0000Tz-4P 063e5ade0da411aeafdb7071896f73f0
X-Original-To: ietf-http-wg@w3.org
Subject: Re: HTTPS 2.0 without TLS extension?
Archived-At: <http://www.w3.org/mid/CACuKZqGou7te9QSV_0LrmjnJOzjxXRurt0b1tTMwrJSoMH-Nrw@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/18929
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
On Tue, Jul 23, 2013 at 5:34 PM, Martin Thomson <martin.thomson@gmail.com> wrote: > On 23 July 2013 11:57, William Chan (陈智昌) <willchan@chromium.org> wrote: >> I find your argument for mandating HTTP Upgrade to HTTP/2.0 over TLS >> uncompelling. If others find it compelling, I would be interested in hearing >> so. > > If we are going to enable variant modes of operation, then the > justification will need to be quite strong. I don't believe that > there are many up-sides to this particular mode of operation that > would argue for its inclusion. > > If all this comes down to is an inability to talk ALPN, maybe someone > can help us understand the situation that makes it difficult to deploy > that (I can imagine a few cases where this might be the case, but it > would be better to get to concrete cases). I sent some questions to Java SSL people and got a response: http://mail.openjdk.java.net/pipermail/security-dev/2013-July/008236.html http://mail.openjdk.java.net/pipermail/security-dev/2013-July/008271.html My take is that Java will not add official support of ALPN before ALPN becomes a stable and well accepted standard. So it's a chicken and egg situation here. (Imagine how embarrassing it would be if Java standard API supports NPN:) Since the support of ALPN requires API change, Java is unlikely to back port the support to earlier versions of Java, which a lot of deployments will be stuck on for some time. Obviously Java will have to support ALPN when HTTP2 and ALPN gains a strong foothold. So I think the best thing to do in the meantime is to make ALPN optional; clients and servers should support TLS+Upgrade (which is trivial, suppose Upgrade must be supported anyway on plain TCP) for the time being. This will help HTTP/2.0 to be adopted earlier, consequently it'll push Java to support ALPN sooner. Zhong Yu > > I'll note that TLS + HTTP Upgrade is not the only option on the table > for people who find themselves wanting HTTP/2.0 but unable to deploy > ALPN.
- HTTPS 2.0 without TLS extension? Zhong Yu
- Re: HTTPS 2.0 without TLS extension? Mike Belshe
- Re: HTTPS 2.0 without TLS extension? Zhong Yu
- Re: HTTPS 2.0 without TLS extension? Ilari Liusvaara
- Re: HTTPS 2.0 without TLS extension? Yoav Nir
- Re: HTTPS 2.0 without TLS extension? Amos Jeffries
- Re: HTTPS 2.0 without TLS extension? David Morris
- Re: HTTPS 2.0 without TLS extension? William Chan (陈智昌)
- Re: HTTPS 2.0 without TLS extension? Yoav Nir
- Re: HTTPS 2.0 without TLS extension? Martin Thomson
- Re: HTTPS 2.0 without TLS extension? Zhong Yu
- Re: HTTPS 2.0 without TLS extension? Zhong Yu
- Re: HTTPS 2.0 without TLS extension? William Chan (陈智昌)
- Re: HTTPS 2.0 without TLS extension? Ryan Hamilton
- Re: HTTPS 2.0 without TLS extension? Martin Thomson
- Re: HTTPS 2.0 without TLS extension? Amos Jeffries
- Re: HTTPS 2.0 without TLS extension? Zhong Yu
- Re: HTTPS 2.0 without TLS extension? Yoav Nir
- Re: HTTPS 2.0 without TLS extension? Zhong Yu
- Re: HTTPS 2.0 without TLS extension? Roberto Peon
- Re: HTTPS 2.0 without TLS extension? Eliot Lear
- Re: HTTPS 2.0 without TLS extension? Michael Sweet