Re: SNI requirement for H2

Martin Thomson <martin.thomson@gmail.com> Fri, 03 April 2015 20:02 UTC

From: Martin Thomson <martin.thomson@gmail.com>
To: Willy Tarreau <w@1wt.eu>
Cc: Roberto Peon <grmocg@gmail.com>, Nicholas Hurley <hurley@mozilla.com>, HTTP Working Group <ietf-http-wg@w3.org>
Archived-At: <http://www.w3.org/mid/CABkgnnU58=SubwGjQBoHu1E8yLq=iBOdfyYOtBXbFki4m1YZkg@mail.gmail.com>

On 3 April 2015 at 12:25, Willy Tarreau <w@1wt.eu> wrote:
> On Fri, Apr 03, 2015 at 12:06:36PM -0700, Roberto Peon wrote:
>> Does anyone recall why 6066 has no SNI for IP literals? (It could be an
>> empty SNI field or the SNI could indicate the IP literal)?
>
> I find it surprising as well, given that NAT/reverse proxy is very common
> in front of servers and that the address specified in the URL bar (hence in
> the SNI if it were sent) would be authoritative and would not necessarily
> match the one the server sees on the local socket.

I don't believe that anyone bothered to define it.  SNI was (and still
largely is) designed to solve the virtual hosting problem.  Clearly
you don't have that problem if you have an IP address.

As for using AUTH48, I think that all we need to do is add a "...if a
domain name is used." clause or something like that.  The problem with
this is that it would require Specification Track Manager approval.
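
What the thread's point means for a client, as an added example that is not part of the original message: the server_name extension from RFC 6066 is built only when the authority is a domain name and is omitted for an IP literal. The function names are hypothetical and the hosts are constructed sample values.

```python
import ipaddress
import struct
from typing import Optional


def sni_host_name(authority_host: str) -> Optional[str]:
    """Return the HostName to send in SNI, or None for an IP literal."""
    host = authority_host.strip()
    # URL syntax wraps IPv6 literals in brackets, e.g. [2001:db8::1].
    bare = host[1:-1] if host.startswith("[") and host.endswith("]") else host
    try:
        ipaddress.ip_address(bare.split("%", 1)[0])  # ignore any IPv6 zone id
        return None  # RFC 6066: literal addresses are not permitted in HostName
    except ValueError:
        pass
    # RFC 6066: ASCII (A-label) encoding, without a trailing dot.
    name = host.rstrip(".").encode("idna").decode("ascii").lower()
    return name or None


def server_name_extension(authority_host: str) -> Optional[bytes]:
    """Encode the server_name extension, or None when SNI must be omitted."""
    name = sni_host_name(authority_host)
    if name is None:
        return None
    raw = name.encode("ascii")
    # ServerName: name_type host_name(0) + 16-bit length-prefixed HostName
    entry = struct.pack("!BH", 0, len(raw)) + raw
    # ServerNameList: 16-bit length-prefixed list of ServerName entries
    name_list = struct.pack("!H", len(entry)) + entry
    # Extension: extension_type server_name(0) + 16-bit length-prefixed body
    return struct.pack("!HH", 0, len(name_list)) + name_list


if __name__ == "__main__":
    # Constructed sample authorities: two domain names and two IP literals.
    for h in ("example.com", "Example.COM.", "192.0.2.10", "[2001:db8::1]"):
        ext = server_name_extension(h)
        print(h, "->", ext.hex() if ext else "no SNI (IP literal)")
```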