Re: Question regarding HTTP/2, SNI, and IP addresses

Stephane Bortzmeyer <bortzmeyer@nic.fr> Fri, 18 June 2021 13:06 UTC

Date: Fri, 18 Jun 2021 15:00:20 +0200
From: Stephane Bortzmeyer <bortzmeyer@nic.fr>
To: John Mattsson <john.mattsson@ericsson.com>
Cc: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-ID: <20210618130020.GA20059@nic.fr>
References: <HE1PR0701MB30500174B18EDB6C2704D15B890D9@HE1PR0701MB3050.eurprd07.prod.outlook.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <HE1PR0701MB30500174B18EDB6C2704D15B890D9@HE1PR0701MB3050.eurprd07.prod.outlook.com>
Subject: Re: Question regarding HTTP/2, SNI, and IP addresses
Archived-At: <https://www.w3.org/mid/20210618130020.GA20059@nic.fr>

On Fri, Jun 18, 2021 at 12:30:17PM +0000,
 John Mattsson <john.mattsson@ericsson.com> wrote 
 a message of 226 lines which said:

>   *   IP addresses cannot be sent in SNI.
>   *   IP addresses are not domain names.

Indeed. RFC 6066, section 3 is clear: 'Literal IPv4 and IPv6 addresses
are not permitted in "HostName".' I've seen at least one TLS server
violently shutting down the connection when it received a literal IPv6
address in SNI (but not for IPv4). But in practice, it seems the
robustness principle is widely applied and TLS servers accept literal
IP addresses in SNI.

Not really for this WG but it can be noted this is an issue for DoT
(RFC 7858) and DoH (RFC 8484) since it is common to refer to DNS
resolvers by IP address.
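The server_name extension discussed in this message, as an added example that is not part of the original post or of any project mentioned in it: the code below encodes and decodes a TLS server_name extension body in the wire format of RFC 6066 section 3 (ExtensionType 0, a ServerNameList of NameType host_name(0) entries) and applies the rule the RFC states, rejecting a literal IPv4 or IPv6 address in HostName. It treats IPv4 and IPv6 literals uniformly, unlike the server the author describes that tore down the connection only for IPv6. The function and constant names are this example's own; the decision to also treat a bracketed IPv6 literal ([2001:db8::1], the URI form) as a literal goes beyond the RFC text and is labelled as an assumption in the code. A compliant client that connects to a resolver by IP address, as in the DoT/DoH case the message mentions, omits the extension rather than sending the address.

```python
"""Encode, decode and validate a TLS server_name (SNI) extension as laid out in
RFC 6066 section 3, which forbids literal IPv4/IPv6 addresses in HostName.
Example code written for this page; not from the original message."""

import ipaddress
import struct

SNI_EXT_TYPE = 0x0000        # ExtensionType server_name(0)
NAME_TYPE_HOST_NAME = 0      # NameType host_name(0)


def encode_sni_extension(host_name: str) -> bytes:
    """Build a full extension (type, length, ServerNameList) carrying one host_name.
    HostName is an ASCII byte string (an A-label for IDNs), never an IP literal."""
    name = host_name.encode("ascii")
    entry = struct.pack("!BH", NAME_TYPE_HOST_NAME, len(name)) + name
    server_name_list = struct.pack("!H", len(entry)) + entry
    return struct.pack("!HH", SNI_EXT_TYPE, len(server_name_list)) + server_name_list


def decode_sni_extension(ext: bytes) -> list:
    """Parse the extension and return the host_name strings it carries.
    Every length field is checked against the bytes actually present;
    any inconsistency raises ValueError instead of reading past the buffer."""
    if len(ext) < 4:
        raise ValueError("truncated extension header")
    ext_type, ext_len = struct.unpack("!HH", ext[:4])
    if ext_type != SNI_EXT_TYPE or ext_len != len(ext) - 4:
        raise ValueError("not a well-formed server_name extension")
    body = ext[4:]
    if len(body) < 2:
        raise ValueError("truncated ServerNameList")
    (list_len,) = struct.unpack("!H", body[:2])
    if list_len != len(body) - 2:
        raise ValueError("ServerNameList length mismatch")
    names = []
    pos = 2
    while pos < len(body):
        if len(body) - pos < 3:
            raise ValueError("truncated ServerName")
        name_type, name_len = struct.unpack("!BH", body[pos:pos + 3])
        pos += 3
        raw = body[pos:pos + name_len]
        if len(raw) != name_len:
            raise ValueError("truncated HostName")
        pos += name_len
        if name_type == NAME_TYPE_HOST_NAME:
            names.append(raw.decode("ascii"))  # non-ASCII bytes raise (a ValueError subclass)
    return names


def is_ip_literal(host_name: str) -> bool:
    """True for a literal IPv4 or IPv6 address. Assumption added here: a
    bracketed IPv6 literal ([2001:db8::1], the URI form) is also treated as a
    literal, which is stricter than the RFC's wording but catches clients that
    copy the URI host verbatim."""
    if host_name.startswith("[") and host_name.endswith("]"):
        candidate = host_name[1:-1]
    else:
        candidate = host_name
    try:
        ipaddress.ip_address(candidate)
        return True
    except ValueError:
        return False


def classify_sni(ext: bytes) -> str:
    """Server-side policy for a received extension:
    'ok'         - well-formed, only DNS host names
    'ip-literal' - well-formed but carries an IPv4 or IPv6 literal (RFC 6066 violation)
    'malformed'  - lengths or encoding do not add up
    IPv4 and IPv6 literals are treated the same way on purpose."""
    try:
        names = decode_sni_extension(ext)
    except ValueError:
        return "malformed"
    if any(is_ip_literal(n) for n in names):
        return "ip-literal"
    return "ok"


if __name__ == "__main__":
    # Constructed inputs for illustration; "dns.example" is a placeholder name.
    for host in ("dns.example", "192.0.2.1", "2001:db8::1", "[2001:db8::1]"):
        print(host, "->", classify_sni(encode_sni_extension(host)))
```

Whether a server should then close the connection or simply ignore the extension, as the robustness-principle servers the author mentions do, is a policy choice; the parser only makes the decision visible. Either way the check must be applied to IPv4 and IPv6 alike.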