Re: Alt-SvcB

Tommy Pauly <> Tue, 25 October 2022 23:12 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id BC407C14CE32 for <>; Tue, 25 Oct 2022 16:12:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -8.33
X-Spam-Status: No, score=-8.33 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.571, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id CgG7PRBPVYLN for <>; Tue, 25 Oct 2022 16:12:24 -0700 (PDT)
Received: from ( []) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by (Postfix) with ESMTPS id 688D4C14CF1F for <>; Tue, 25 Oct 2022 16:12:24 -0700 (PDT)
Received: from lists by with local (Exim 4.94.2) (envelope-from <>) id 1onT2a-004oma-6h for; Tue, 25 Oct 2022 23:09:00 +0000
Resent-Date: Tue, 25 Oct 2022 23:09:00 +0000
Resent-Message-Id: <>
Received: from ([]) by with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <>) id 1onT2Z-004olc-DQ for; Tue, 25 Oct 2022 23:08:59 +0000
Received: from ([] by with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <>) id 1onT2T-001nQ7-Jo for; Tue, 25 Oct 2022 23:08:59 +0000
Received: from pps.filterd ( []) by ( with SMTP id 29PN69f3012189; Tue, 25 Oct 2022 16:08:35 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; h=from : message-id : content-type : mime-version : subject : date : in-reply-to : cc : to : references; s=20180706; bh=V9FhUmz2W4ZhUCrfh0N5pzksegNoaX26dYg6irbPNa4=; b=bSjzVylyrqlV6QdBEKGBRdvgMpW2XnuC5wYOLRyGQswFXQKbIpxjFU6gL0P0OCLH//Fz mSOulOAJ+bFNOnwIIoSjreiWK5OJdmiuQCtwO4WOOjRFYjdFfNcPlnGMRXL+jSxedSn4 gV7QGswM9sYBkR+ImwF/OR4fqw0yQeAWHSf4SgKsXEAlCqEBrb5ym2LQyNT7y7ZDHJ8z DBHRF6DtxPonS47SMljnHTD5s/1gbEtfpU1up2ooT7RwYuyYp3gocTuLlU6KSqHPTahl zIW7vPtusaQHE7e0Qwx7yQ58fgcsnZn+5Kh8Du+VOu/gvyupdXvc4F9yqgInQPoJoJGy Qw==
Received: from ( []) by with ESMTP id 3kcc25dvvp-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Tue, 25 Oct 2022 16:08:35 -0700
Received: from ( []) by (Oracle Communications Messaging Server 64bit (built Jul 11 2022)) with ESMTPS id <>; Tue, 25 Oct 2022 16:08:35 -0700 (PDT)
Received: from by (Oracle Communications Messaging Server 64bit (built Jul 11 2022)) id <>; Tue, 25 Oct 2022 16:08:34 -0700 (PDT)
X-Va-T-CD: cdaa14cfcfc144345f8b3130a3d22b5b
X-Va-E-CD: 8c8215fd9f03e60e18246037ecdb1d49
X-Va-R-CD: a0fde10e5b571921d84e20def2fe57ff
X-Va-CD: 0
X-Va-ID: 1df715be-7f6d-4c2a-911d-8ca106dd714f
X-V-T-CD: cdaa14cfcfc144345f8b3130a3d22b5b
X-V-E-CD: 8c8215fd9f03e60e18246037ecdb1d49
X-V-R-CD: a0fde10e5b571921d84e20def2fe57ff
X-V-CD: 0
X-V-ID: ebea51d7-8ea3-4c7e-8db2-4022b65b1b2b
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.545,18.0.895 definitions=2022-10-25_13:2022-10-25,2022-10-25 signatures=0
Received: from ([]) by (Oracle Communications Messaging Server 64bit (built Jul 11 2022)) with ESMTPSA id <>; Tue, 25 Oct 2022 16:08:34 -0700 (PDT)
From: Tommy Pauly <>
Message-id: <>
Content-type: multipart/alternative; boundary="Apple-Mail=_356377BE-6BD0-4A54-9F84-B0758D0A5D72"
MIME-version: 1.0 (Mac OS X Mail 16.0 \(3730.0.21\))
Date: Tue, 25 Oct 2022 16:08:22 -0700
In-reply-to: <>
Cc: Lucas Pardue <>, Ian Swett <>, Martin Thomson <>, HTTP Working Group <>
To: David Schinazi <>
References: <> <> <> <> <> <>
X-Mailer: Apple Mail (2.3730.0.21)
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.545,18.0.895 definitions=2022-10-25_13:2022-10-25,2022-10-25 signatures=0
Received-SPF: pass client-ip=;;
X-W3C-Hub-DKIM-Status: validation passed: (, signature is good
X-W3C-Hub-Spam-Status: No, score=-11.9
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.517, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, W3C_AA=-1, W3C_DB=-1, W3C_IRA=-1, W3C_IRR=-3, W3C_WL=-1
X-W3C-Scan-Sig: 1onT2T-001nQ7-Jo 9a2d73551aead850725fe044b7231734
Subject: Re: Alt-SvcB
Archived-At: <>
X-Mailing-List: <> archive/latest/40488
Precedence: list
List-Id: <>
List-Help: <>
List-Post: <>
List-Unsubscribe: <>

Would you really need to add goodies to Alt-Svc, until you need a non-QUIC transport? Just having h3 hints in Alt-Svc is enough to know that you can try QUIC, and from there you can have both QUIC version negotiation as well as ALPN negotiation for a theoretical H4-over-QUIC.

I agree that OSes can be slow — and certainly I’ll push for the OSes I can influence to support the DNS records you need in the short term — but I think the timeline we’re looking at is about the time it takes to replace QUIC. If we look at the time between TCP and QUIC, I think we have quite a bit of time before this becomes an issue (on the order of 10+ years).


> On Oct 25, 2022, at 3:54 PM, David Schinazi <> wrote:
> We'll be ready to drop support for Alt-Svc once browsers have access to HTTPS RR everywhere. Until that happens, browsers will still use Alt-Svc for new HTTP versions, and we will still add goodies to Alt-Svc. If the IETF doesn't standardize those, then browsers will come up with their own solutions. The problem here is once again misaligned incentives: browsers want to be fast and to use new standards but it's the OSes that need to change their DNS APIs. Do we know anyone at POSIX interested in revamping getaddrinfo?
> David
> On Tue, Oct 25, 2022 at 2:25 PM Lucas Pardue < <>> wrote:
>> I'd also add that by deprecating Alt-Svc, we can reasonably descope it from other related work, to the advantage if the community.
>> For instance, Martin Duke and I have a draft intended to optimise performance of selecting QUIC versions with HTTP/3 [1]. We describe how this works with the HTTPS record. We also have to accommodate Alt-Svc since  "that's what people use", even though we know that Alt-Svc's design is broken for this type of versioning support in certain scenarios like multi-CDN.
>> I can live with contuinuing to send Alt-Svc in order to support legacy clients. Alt-Svc being frozen in time and not getting new goodies seems fair. 
>> Cheers
>> Lucas
>> [1] -
>> On Tue, 25 Oct 2022, 21:33 Tommy Pauly, < <>> wrote:
>>> The way I’d look at this is that we should be fine keeping the use of Alt-Svc for existing (and what will become legacy) clients to upgrade to h3, but we should not use it for any new protocol discovery. I.e., when we have an HTTP version that needs some transport other than TCP and QUIC, we shouldn’t plan on using Alt-Svc for that. So, our timeline should be to make sure clients can do HTTPS RRs by the time we replace QUIC, which should give us time.
>>> Tommy
>>>> On Oct 25, 2022, at 1:21 PM, Ian Swett < <>> wrote:
>>>> I would second David's statement.  In the world we live in today, we still need to use the Alt-Svc header for a substantial number of users.
>>>> On Tue, Oct 25, 2022 at 2:31 PM David Schinazi < <>> wrote:
>>>>> Hi Martin,
>>>>> Thanks for writing this up. Overall I think the long-term strategy makes sense, but I think it's too early to obsolete/deprecate 7838. It's fairly common for browsers to use getaddrinfo() on some platforms and that does not provide access to HTTPS RRs. In those cases, 7838 is the only path to using HTTP/3, so I expect browsers to keep using it for quite some time. Marking 7838 as obsolete doesn't reflect that reality.
>>>>> David
>>>>> On Mon, Oct 24, 2022 at 5:10 PM Martin Thomson < <>> wrote:
>>>>>> Hey everyone,
>>>>>> The Alt-Svc design team has been very busy recently and making some progress on working out an alternative alternative services design.
>>>>>> I just posted as a -00 draft.  This outlines the alternative design that we've been exploring in the design team.
>>>>>> The basic idea is split into two procedures:
>>>>>> 1. Use: When an Alt-SvcB field or ALTSVCB frame is encountered, the client looks for HTTPS records for the provided name in the DNS and creates a connection using what it learns.
>>>>>> 2. Reuse: When a client that has previously used an alternative service connects again, it remembers the HTTPS record that worked.  It performs a regular HTTPS record lookup for the server - not using the alternative that it learned, but the name from the URI - but it prefers the alternative it previously used if that alternative appears in the results.
>>>>>> The draft explains in more detail and goes into some of the implications of the design.
>>>>>> This is not done by any imagining.  We have a bunch of open issues at that do require some amount of input.  But we think that this is a promising approach and would appreciate more input.
>>>>>> Cheers,
>>>>>> Martin