TLS over http2 frames

Ben Burkert <ben@benburkert.com> Fri, 15 August 2014 02:31 UTC

Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8B0231A89DF for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Thu, 14 Aug 2014 19:31:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.57
X-Spam-Level:
X-Spam-Status: No, score=-7.57 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.668, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9kun2qTCq8V5 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Thu, 14 Aug 2014 19:31:52 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DAD2F1A89DE for <httpbisa-archive-bis2Juki@lists.ietf.org>; Thu, 14 Aug 2014 19:31:51 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.72) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1XI7Ga-0005zf-H7 for ietf-http-wg-dist@listhub.w3.org; Fri, 15 Aug 2014 02:29:20 +0000
Resent-Date: Fri, 15 Aug 2014 02:29:20 +0000
Resent-Message-Id: <E1XI7Ga-0005zf-H7@frink.w3.org>
Received: from lisa.w3.org ([128.30.52.41]) by frink.w3.org with esmtp (Exim 4.72) (envelope-from <ben@benburkert.com>) id 1XI7GD-0005ys-6x for ietf-http-wg@listhub.w3.org; Fri, 15 Aug 2014 02:28:57 +0000
Received: from mail-pd0-f171.google.com ([209.85.192.171]) by lisa.w3.org with esmtps (TLS1.0:RSA_ARCFOUR_SHA1:16) (Exim 4.72) (envelope-from <ben@benburkert.com>) id 1XI7GC-00016m-3w for ietf-http-wg@w3.org; Fri, 15 Aug 2014 02:28:56 +0000
Received: by mail-pd0-f171.google.com with SMTP id z10so2606035pdj.16 for <ietf-http-wg@w3.org>; Thu, 14 Aug 2014 19:28:29 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:subject:from:content-type:message-id:date:to :content-transfer-encoding:mime-version; bh=9f5KAono/SQ4LeplPdI/mntUBIs9eWjWUkhDYZOrl4k=; b=KHjurm/psuGHThKg6gQJJgQ0EL0ODmHRoNyHuXgen2sHmOX/EFK37qG4o/CJc4a0BN HoNS0jPI1GePosuCWsixbzaTGyHoLGogUaRqkxEBZ8QA7WbBVYxI1+Nk1TYvLJ3JBIQT RndVJ9J5fs+0X+AN5IGXc822pT/PYa2JEWnE1SMSTwmhEjQ0QBtpvDUsXQhcB/mpDc95 HJgPNuBwn2KfVeJSCBPey6eAQfTqvm+A0x7bgn8yFwnc/lNCX1QN3lnWMKJdHS5PDcDg mNbsMFkWzHZnviqehhP+/VT337jAYCyREFqPHNEKthNjyOgjoesF8aqMXIZThpfBsOj8 VW/g==
X-Gm-Message-State: ALoCoQnhzFWDG7cVD5zlfDa26oY+HcJ14e13GuvscuKjfiK8g1Q2CSY/e81VlBzNEsVYy4qiLvtZ
X-Received: by 10.70.129.162 with SMTP id nx2mr14191819pdb.73.1408069709328; Thu, 14 Aug 2014 19:28:29 -0700 (PDT)
Received: from [10.123.58.163] (mobile-166-137-184-090.mycingular.net. [166.137.184.90]) by mx.google.com with ESMTPSA id nh16sm9976794pdb.9.2014.08.14.19.28.27 for <ietf-http-wg@w3.org> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 14 Aug 2014 19:28:27 -0700 (PDT)
From: Ben Burkert <ben@benburkert.com>
Content-Type: text/plain; charset="utf-8"
X-Mailer: iPhone Mail (11D201)
Message-Id: <108A24ED-3EED-42C6-B01D-20331A3A0593@benburkert.com>
Date: Thu, 14 Aug 2014 19:28:23 -0700
To: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (1.0)
Received-SPF: pass client-ip=209.85.192.171; envelope-from=ben@benburkert.com; helo=mail-pd0-f171.google.com
X-W3C-Hub-Spam-Status: No, score=-0.7
X-W3C-Hub-Spam-Report: MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001
X-W3C-Scan-Sig: lisa.w3.org 1XI7GC-00016m-3w 1f1a5128426a71d24485b7616540f4b8
X-Original-To: ietf-http-wg@w3.org
Subject: TLS over http2 frames
Archived-At: <http://www.w3.org/mid/108A24ED-3EED-42C6-B01D-20331A3A0593@benburkert.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/26601
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

Hello,

I believe that there is a need for an http2 extension that allows for TLS over http2 frames. An extension to support simultaneous encryption between the client & intermediary and end-to-end encryption between the client & server on the same connection. The use case is analogous to browsers that send HTTPS requests over an encrypted VPN connection.

The CDN industry has largely evolved around the constraints of the modern web protocols; especially wrt http1.1 and https. In a number of ways the proposed http2 protocol has been designed to address flaws & oversights in http1.1 that made CDNs a necessity. A large amount design effort has been focused on reusing and optimizing a single client/server connection. This is at odds with the CDN practice of serving a website's assets through an out-of-band connection to the CDN's network.

As CDNs adapt to http2 their role may evolve into an intermediary layer that provide their service over the same  http2 connection in between client and server. We are already seeing similar services offered by CDNs. For example, traffic to www.whitehouse.gov is served first through Akamai's network before requests reach the drupal backend servers. This type of service can benefit clients by providing high availability and expanded presence, but at a cost to security; end-to-end encryption is not possible. Encrypted traffic must be terminated by the intermediary and then re-encrypted on it's way to the server. This is the case for http1.1 as well as http2, which is at odds with http2's goal of improved security.

An extension to allow TLS over frames addresses this problem by providing for a second layer of encryption. The outside (existing) layer would be used for communication between the client/server and intermediary, while the inside layer would provide end-to-end encryption between the client and server. Requests and responses would also be layered: the outside request/response would contain headers shared (and actionable upon) by the intermediary and the other two parties. The inside request/response would be passed through blindly by the intermediary. To put it a different way, the outside request/response is there to help the intermediary route/cache/serve the inside request/response which it cannot see.

One possible solution would be to add a TLS_HANDSHAKE frame for initiating the second layer of encryption. This frame would carry the tls messages for the handshake between the client & server. A client would initiate it (with the client hello message) on a new stream. After the handshake is successful, both sides would encrypt the payload of DATA frames with this tls session. the payload of the encrypted data would be the frames of the inner request/response. The outer request/response is comprised of HEADER & CONTINUE frames, but the DATA frame hold the inner request/response (which can be made up of HEADER, CONTINUE, and nested DATA frames). Any streams that depend on this stream would also be expected to encrypt the DATA frames.

This is by no means a completed solution, but I am interested in hearing this group’s opinions on the problem and this potential approach.

Regards,
-Ben