Re: [TLS] Application-Layer Protocol Settings

Martin Thomson <mt@lowentropy.net> Thu, 09 July 2020 00:20 UTC

Date: Thu, 09 Jul 2020 10:16:24 +1000
From: "Martin Thomson" <mt@lowentropy.net>
To: "Victor Vasiliev" <vasilvv@google.com>
Cc: "tls@ietf.org" <tls@ietf.org>, "HTTP Working Group" <ietf-http-wg@w3.org>
Archived-At: <https://www.w3.org/mid/d9201e80-19b9-4854-9655-10935414143c@www.fastmail.com>

On Thu, Jul 9, 2020, at 00:13, Victor Vasiliev wrote:
> For what it's worth, I don't think we should define a new ALPN token 
> for that; using ALPN tokens for flags will eventually lead to 
> combinatorial explosion (e.g. "if we define h2_half_rtt, we have to 
> define h2c_half_rtt", etc), and can also lead to some really unpleasant 
> situations with Alt-Svc.

I'm not so firm on that.  h2 was defined before 0-RTT, so there is no provision for carrying settings over into 0-RTT anyway, which is what would be required for the websocket protocol CONNECT to work.  You propose defining extensions to TLS to address this shortcoming in addition to the synchronization issue, but what that really is is a new version of h2 - one where SETTINGS does not appear in application data (mostly, I assume that updates are OK).

This was discussed during the design of HTTP/2.  But 0-RTT was too new to decide anything at that point and the view was that anything could be negotiated in one of two ways: SETTINGS (which takes time) or a new protocol version.  It might seem a little early to be even contemplating a new version, but that wasn't the thinking at the time.

h2c is dead, so we don't need to worry about that.
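The point Martin makes about 0-RTT is easier to see with a small model. The following is an added example, not code from this thread or from any ALPS draft: it encodes and decodes an HTTP/2 SETTINGS frame (RFC 7540 Section 6.5) and applies the RFC 8441 rule that a client may only send an extended CONNECT (the websocket-over-h2 mechanism) after the server has advertised SETTINGS_ENABLE_CONNECT_PROTOCOL = 1. In plain h2 that frame is application data sent after the handshake, so a resuming client has nothing to consult when it writes 0-RTT data; the "ALPS-style" path models a settings blob carried in the TLS handshake and stored with the session ticket as a plain dict. The class and function names (ResumedConnection, run_demo) are hypothetical.

```python
"""Model of why h2 SETTINGS are unavailable at 0-RTT, and what changes when
the server's settings are carried in the TLS handshake instead.
Added example for illustration; not code from the thread or any draft."""
import struct

SETTINGS_FRAME_TYPE = 0x4
SETTINGS_ENABLE_CONNECT_PROTOCOL = 0x8   # RFC 8441 Section 3
SETTINGS_MAX_CONCURRENT_STREAMS = 0x3    # RFC 7540 Section 6.5.2


def encode_settings_frame(settings):
    """Build a SETTINGS frame on stream 0: 24-bit length, type, flags,
    31-bit stream id, then (16-bit identifier, 32-bit value) pairs."""
    payload = b"".join(struct.pack("!HI", ident, value)
                       for ident, value in settings.items())
    length = struct.pack("!I", len(payload))[1:]          # low 3 bytes
    header = length + bytes([SETTINGS_FRAME_TYPE, 0]) + struct.pack("!I", 0)
    return header + payload


def decode_settings_frame(frame):
    """Parse a SETTINGS frame; raise ValueError where RFC 7540 would demand
    a FRAME_SIZE_ERROR or PROTOCOL_ERROR."""
    if len(frame) < 9:
        raise ValueError("truncated frame header")
    length = int.from_bytes(frame[0:3], "big")
    ftype = frame[3]
    stream_id = struct.unpack("!I", frame[5:9])[0] & 0x7FFFFFFF
    if ftype != SETTINGS_FRAME_TYPE or stream_id != 0:
        raise ValueError("not a SETTINGS frame on stream 0")
    payload = frame[9:9 + length]
    if len(payload) != length or length % 6:
        raise ValueError("SETTINGS payload must be a multiple of 6 bytes")
    return {ident: value for ident, value in struct.iter_unpack("!HI", payload)}


def is_well_formed_settings_frame(frame):
    try:
        decode_settings_frame(frame)
        return True
    except ValueError:
        return False


def may_send_extended_connect(server_settings):
    """RFC 8441: a client MUST NOT use extended CONNECT until the server has
    sent SETTINGS_ENABLE_CONNECT_PROTOCOL with value 1. Unknown == not allowed."""
    if not server_settings:
        return False
    return server_settings.get(SETTINGS_ENABLE_CONNECT_PROTOCOL) == 1


class ResumedConnection:
    """What a client knows at the moment it may write 0-RTT data.
    (Hypothetical name; a model, not a real TLS/h2 stack.)"""

    def __init__(self, handshake_settings=None):
        # Plain h2: SETTINGS arrive as application data after the handshake,
        # so a resuming client holds only a ticket and no server settings.
        # ALPS-style: a settings blob exchanged in the handshake is kept with
        # the ticket, so it is known before the first 0-RTT byte is sent.
        self.server_settings = handshake_settings

    def receive_settings_frame(self, frame):
        # The 1-RTT path: the server's SETTINGS frame has now been read.
        self.server_settings = decode_settings_frame(frame)

    def extended_connect_allowed(self):
        return may_send_extended_connect(self.server_settings)


def run_demo():
    """Compare the three situations; returns a dict so the result can be checked."""
    server_settings = {SETTINGS_ENABLE_CONNECT_PROTOCOL: 1,
                       SETTINGS_MAX_CONCURRENT_STREAMS: 100}
    frame = encode_settings_frame(server_settings)

    plain = ResumedConnection()                     # plain h2, 0-RTT moment
    plain_0rtt = plain.extended_connect_allowed()
    plain.receive_settings_frame(frame)             # after the server's SETTINGS
    plain_1rtt = plain.extended_connect_allowed()

    alps = ResumedConnection(handshake_settings=server_settings)
    alps_0rtt = alps.extended_connect_allowed()

    return {"plain_h2_0rtt": plain_0rtt,
            "plain_h2_after_settings": plain_1rtt,
            "handshake_settings_0rtt": alps_0rtt}


if __name__ == "__main__":
    for name, allowed in run_demo().items():
        print(f"{name}: extended CONNECT {'allowed' if allowed else 'not allowed'}")
```

The practical consequence for anyone implementing websockets over h2 with session resumption: a CONNECT with :protocol placed in early data has to assume the conservative answer, because the only thing that can say otherwise is a frame the client has not seen yet. Carrying the settings in the handshake is what makes the early-data decision well defined, which is why Martin characterises it as a change to the protocol rather than an extension of the existing one.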