new version trusted-proxy20 draft

Salvatore Loreto <salvatore.loreto@ericsson.com> Fri, 14 February 2014 18:59 UTC

Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E1D001A02F2 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 14 Feb 2014 10:59:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.449
X-Spam-Level:
X-Spam-Status: No, score=-7.449 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.548, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bOooXs2IGiU9 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 14 Feb 2014 10:59:05 -0800 (PST)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) by ietfa.amsl.com (Postfix) with ESMTP id A10E81A0278 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Fri, 14 Feb 2014 10:59:04 -0800 (PST)
Received: from lists by frink.w3.org with local (Exim 4.72) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1WENx0-0005fO-Vd for ietf-http-wg-dist@listhub.w3.org; Fri, 14 Feb 2014 18:57:27 +0000
Resent-Date: Fri, 14 Feb 2014 18:57:26 +0000
Resent-Message-Id: <E1WENx0-0005fO-Vd@frink.w3.org>
Received: from lisa.w3.org ([128.30.52.41]) by frink.w3.org with esmtp (Exim 4.72) (envelope-from <salvatore.loreto@ericsson.com>) id 1WENwq-0005bM-PW for ietf-http-wg@listhub.w3.org; Fri, 14 Feb 2014 18:57:16 +0000
Received: from mailgw1.ericsson.se ([193.180.251.45]) by lisa.w3.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.72) (envelope-from <salvatore.loreto@ericsson.com>) id 1WENwn-0002ua-M1 for ietf-http-wg@w3.org; Fri, 14 Feb 2014 18:57:16 +0000
X-AuditID: c1b4fb2d-b7f5d8e000002a7b-b9-52fe66f30798
Received: from ESESSHC008.ericsson.se (Unknown_Domain [153.88.183.42]) by mailgw1.ericsson.se (Symantec Mail Security) with SMTP id 84.67.10875.3F66EF25; Fri, 14 Feb 2014 19:56:51 +0100 (CET)
Received: from ESESSMB109.ericsson.se ([169.254.9.236]) by ESESSHC008.ericsson.se ([153.88.183.42]) with mapi id 14.02.0387.000; Fri, 14 Feb 2014 19:56:15 +0100
From: Salvatore Loreto <salvatore.loreto@ericsson.com>
To: HTTP Working Group <ietf-http-wg@w3.org>
CC: "draft-loreto-httpbis-trusted-proxy20@tools.ietf.org" <draft-loreto-httpbis-trusted-proxy20@tools.ietf.org>
Thread-Topic: new version trusted-proxy20 draft
Thread-Index: AQHPKbZvMgDBE/GT0EeSmbMJUq1iHw==
Date: Fri, 14 Feb 2014 18:56:14 +0000
Message-ID: <449272CA-71CB-4D7D-B431-A42140346B27@ericsson.com>
References: <20140214184207.27936.53657.idtracker@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [153.88.183.149]
Content-Type: multipart/alternative; boundary="_000_449272CA71CB4D7DB431A42140346B27ericssoncom_"
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFnrMLMWRmVeSWpSXmKPExsUyM2K7lu7ntH9BBoveC1m8PXGJyeJwyywm ByaPL5c/s3kcnbefNYApissmJTUnsyy1SN8ugStj0/5ZzAWbjSrm/P3O2sC4XquLkZNDQsBE YubBhYwQtpjEhXvr2boYuTiEBA4ySjy52cgE4SxhlPg2bTILSBWbgJnE84dbmEFsEQEdiY6W xUBFHBzMAoUS06fzg4SFBbQkLnW8Z4Qo0Zd433IVytaT+LjjCTuIzSKgKvFvDUQNr4C9xK2p /8FsIQFHifM/28FWMQId9P3UGiYQm1lAXOLWk/lMEIcKSCzZc54ZwhaVePn4HyuErSSx9vB2 Foj6ZImn/edYIOYLSpyc+YRlAqPILCSjZiEpm4WkDCKuI7Fg9yc2CFtbYtnC18ww9pkDj4F6 QT62lphxQAtZyQJGjlWM7LmJmTnp5YabGIERdXDLb90djKfOiRxilOZgURLn/fDWOUhIID2x JDU7NbUgtSi+qDQntfgQIxMHp1QDY4nez85lZfuPHt+6pURVVXuW6NSAq433NH65HDR64CPY u1Nq7ZZZqz9tu5Tj/oXFcS9/lBcTy+us1g9Tt3RMeH0g/rleQTRbr1PdnsIKt14PR9Ggr6U6 f7dnh/6vumNgtUXtSrCNXlLapyWdTO/LZDgTm7uWO2jHc9hdSWvbkhK04ub94om8SizFGYmG WsxFxYkAIUVE13YCAAA=
Received-SPF: pass client-ip=193.180.251.45; envelope-from=salvatore.loreto@ericsson.com; helo=mailgw1.ericsson.se
X-W3C-Hub-Spam-Status: No, score=-4.0
X-W3C-Hub-Spam-Report: AWL=-1.714, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001
X-W3C-Scan-Sig: lisa.w3.org 1WENwn-0002ua-M1 83e794fbe7986ff4af90307997c99124
X-Original-To: ietf-http-wg@w3.org
Subject: new version trusted-proxy20 draft
Archived-At: <http://www.w3.org/mid/449272CA-71CB-4D7D-B431-A42140346B27@ericsson.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/22233
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

dear wg

we have submitted a new version of the "Explicit Trusted Proxy in HTTP/2.0" draft


I want to highlight that
the only change asked by this draft in order to support an Explicit Trusted Proxy
is the definition of a new ALPN protocol id value as you can read in the Abstract below.
No other changes to HTTP2 spec neither to the TLS protocol are required.


Abstract:
  The purpose of this Internet Draft is to continue the discussion on
  explicit and trusted proxy as intermediary of HTTP2 traffic.

  The httpbis wg has agreed on the HTTP2 usage with HTTP URIs, with or
  without TLS, without any constraints from the standard (see: issue
  314).

  To distinguish between an HTTP2 connection meant to transport "https"
  URIs resources and an HTTP2 connection meant to transport "http" URIs
  resource, the draft proposes to

     register a new value in the Application Layer Protocol negotiation
     (ALPN) Protocol IDs registry specific to signal the usage of HTTP2
     to transport "http" URIs resources: h2clr.

  This document describes two alternative methods for an user-agent to
  automatically discover and for an user to provide consent for a
  Trusted Proxy to be securely involved when he or she is requesting an
  HTTP URI resource over HTTP2 with TLS.

   Section 3.1 proposes a solution based on sending a proxy certificate
   in the TLS handshake.

   Section 3.2 proposes a solution based on the presence of a Captive
   Proxy.

  The consent is supposed to be per network access.

  The draft also describes the role of the Trusted
  Proxy in helping the user to fetch HTTP URIs resource when the user
  has provided consent to the Trusted Proxy to be involved.

URL:            http://www.ietf.org/internet-drafts/draft-loreto-httpbis-trusted-proxy20-01.txt
Status:         https://datatracker.ietf.org/doc/draft-loreto-httpbis-trusted-proxy20/
Htmlized:       http://tools.ietf.org/html/draft-loreto-httpbis-trusted-proxy20-01
Diff:           http://www.ietf.org/rfcdiff?url2=draft-loreto-httpbis-trusted-proxy20-01



Comments, suggestion and feedback are really welcome

best regards
Salatore