RE: HTTP/2 GREASE, Results, and Implications

Mike Bishop <mbishop@evequefou.be> Thu, 31 October 2019 17:52 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4541D12089A for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Thu, 31 Oct 2019 10:52:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.649
X-Spam-Level:
X-Spam-Status: No, score=-2.649 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=evequefou.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id atUy7uSbAKK2 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Thu, 31 Oct 2019 10:52:16 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [IPv6:2603:400a:ffff:804:801e:34:0:38]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 45D3A120800 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Thu, 31 Oct 2019 10:52:16 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.89) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1iQEa3-0007v5-O0 for ietf-http-wg-dist@listhub.w3.org; Thu, 31 Oct 2019 17:49:55 +0000
Resent-Date: Thu, 31 Oct 2019 17:49:55 +0000
Resent-Message-Id: <E1iQEa3-0007v5-O0@frink.w3.org>
Received: from titan.w3.org ([2603:400a:ffff:804:801e:34:0:4c]) by frink.w3.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from <mbishop@evequefou.be>) id 1iQEa1-0007uH-LQ for ietf-http-wg@listhub.w3.org; Thu, 31 Oct 2019 17:49:53 +0000
Received: from mail-eopbgr690139.outbound.protection.outlook.com ([40.107.69.139] helo=NAM04-CO1-obe.outbound.protection.outlook.com) by titan.w3.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.92) (envelope-from <mbishop@evequefou.be>) id 1iQEZz-0004EP-E1 for ietf-http-wg@w3.org; Thu, 31 Oct 2019 17:49:53 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=D4mUJBtiN1rey7uTGSJTGhKOrFJu6rpNLdqi6qvmFACDofpRZpfOHj6/W/anqR6j6REQXYSAlAQKcMneGq8ot3S8agBF7zs2gQGHbV+rv/OA1chSz+3d0sjuSk0GjzzzvXyFiz/4IB1LcR8nNEudsRMsjTAmWrMXzr7kEYktQ55JulVCe1v70kqwOtnloMSxlY+jo+T02pxoSAM8OTW0a49JSnKJpVd7O9LKIGNzrhe6t/OrNUxuqyBxmFyCV5MjF+8c1W2VyjGG7EtxwB/1KMFxde1ufzViCxgQHmNRUoza6qkZMFf2i25xzTh+zUlFqTrf5p4O4R+KQQS7XoJQFw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=IB8zUnWbzzsnQ7uOq2NewQ1Xegk7aqNiCIvtbkUb7Z0=; b=eiPzn/EI51DwuDRhQT1HwimfSH/9DToFSKQcMMv23o8/7rZvKIDUHi14wvh7GAceh/AWqQKMAJZPBjcYotQeECCtFat9z/MflokvBkpfW+WGohYs8V8fAqnWCnAyR0WAF1+NJz2q6/4f/sOUjyTaiI0WiTmHTRf41DgtEbS/wdpNgpdsMKwVlRKPAAOz9+Szyfwr5FqZcNL1h137Y7OpERRUAuygyLEws7Zy8cgxtKUudQaYPyNuqXQKhsWMSNhmKwemaVJcV2eoECRVfPQAowGQO3eiUi6Vj1KjTKOFK8lwpeAorpRUchGlIp4JZ6mSfyucw/+hK2MZANS+VCHnLg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=evequefou.be; dmarc=pass action=none header.from=evequefou.be; dkim=pass header.d=evequefou.be; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=evequefou.onmicrosoft.com; s=selector2-evequefou-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=IB8zUnWbzzsnQ7uOq2NewQ1Xegk7aqNiCIvtbkUb7Z0=; b=JRIjOnsqyt3+QMCNNdn4s1aTrPsmpZGsk+jJCIm3Imh950nY7zbS59jwp6kUkg6xyOhWoC2R3z2Y3+bMzBvHjFoNZRUQ617TD+sCl3QGtJFMfhLkoESZKDHgXcJ562PQLVGpdhnezTNE08h/LT2svhSQrspLtrLsrx3aX+qNz2U=
Received: from BN6PR2201MB1700.namprd22.prod.outlook.com (10.161.152.144) by BN6PR2201MB1060.namprd22.prod.outlook.com (10.174.91.10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2387.24; Thu, 31 Oct 2019 17:49:47 +0000
Received: from BN6PR2201MB1700.namprd22.prod.outlook.com ([fe80::7cb4:5e4e:334c:a737]) by BN6PR2201MB1700.namprd22.prod.outlook.com ([fe80::7cb4:5e4e:334c:a737%7]) with mapi id 15.20.2387.028; Thu, 31 Oct 2019 17:49:47 +0000
From: Mike Bishop <mbishop@evequefou.be>
To: Mike Bishop <mbishop@evequefou.be>, Lucas Pardue <lucaspardue.24.7@gmail.com>
CC: HTTP Working Group <ietf-http-wg@w3.org>
Thread-Topic: HTTP/2 GREASE, Results, and Implications
Thread-Index: AdWP/A0ck3yXHmXeTa2YBLnotcTIRgABkKoAAABb/EAAA8+uAA==
Date: Thu, 31 Oct 2019 17:49:47 +0000
Message-ID: <BN6PR2201MB1700DA200AA4C756558170A6DA630@BN6PR2201MB1700.namprd22.prod.outlook.com>
References: <BN6PR2201MB1700D10A34C72213C78E09A6DA630@BN6PR2201MB1700.namprd22.prod.outlook.com> <CALGR9oZUHDbsvWUJ=r0TBDaKOwchWux5gEF+EH0cpb6hqcs-xA@mail.gmail.com> <BN6PR2201MB1700996BA38EC2FED189E876DA630@BN6PR2201MB1700.namprd22.prod.outlook.com>
In-Reply-To: <BN6PR2201MB1700996BA38EC2FED189E876DA630@BN6PR2201MB1700.namprd22.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=mbishop@evequefou.be;
x-originating-ip: [2600:2b00:931f:a301:9873:7a08:df4a:d039]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 54ea8ee5-1ecf-4312-6319-08d75e2ab8c1
x-ms-traffictypediagnostic: BN6PR2201MB1060:
x-ms-exchange-purlcount: 2
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: <BN6PR2201MB106027F48BCA35EB69B938BCDA630@BN6PR2201MB1060.namprd22.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-forefront-prvs: 02070414A1
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(346002)(39830400003)(136003)(366004)(396003)(376002)(199004)(189003)(51914003)(186003)(446003)(11346002)(966005)(256004)(102836004)(53546011)(71200400001)(14444005)(74316002)(99286004)(2906002)(4326008)(6506007)(6246003)(110136005)(2940100002)(6116002)(316002)(790700001)(478600001)(46003)(71190400001)(64756008)(76176011)(6436002)(486006)(25786009)(33656002)(8676002)(66446008)(66556008)(66476007)(229853002)(66946007)(81156014)(5660300002)(14454004)(7736002)(236005)(9686003)(54896002)(6306002)(8936002)(81166006)(76116006)(606006)(476003)(7696005)(55016002)(52536014)(86362001); DIR:OUT; SFP:1102; SCL:1; SRVR:BN6PR2201MB1060; H:BN6PR2201MB1700.namprd22.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: evequefou.be does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: k8M4LwdKL3P0EOFuBnWAUGM96R1EuaYm+vpL1XKjA4qX4TMQ2S+PI6dlNJGpts353BdZO4AwQgBpYQkLJZTj42aLPmJcYc0XTCrUJhkF+HzAs73OkYzMpMHMye+bz5GT4meXxlX6lRxAU2jSidzLe4OF06K2lO6GL61q+B2Z7gpcGUpdpT44U80YHjyhA8mPLCf3x/ujhrrpU738Jk87vXXq4YJ2PEvcx6ZA1smXX0RLG+60Z9tKatDjDLvhsJpTUnWrjhchuZ0FrL4sAfrvEwIzRUOzWrfrElEm5zX2E6YbutSDB3a5BkjQHhDhiHHp/hC94YMfzlWXRiQ/3ELu1hcvOCeO9HW6SArsgzy6BcXTTJp1nG260gEYqHC1BXu+VcJGsSVUUYAV0MYdYrS86Pt2SbdP+svc9inAtNVBIYuaV+1HvT5ecFCFOsU8qD0ECHwV/p0GG2FgE/dbFAv9A2BpA1cc7FMoL7Z895Z7hPI=
Content-Type: multipart/alternative; boundary="_000_BN6PR2201MB1700DA200AA4C756558170A6DA630BN6PR2201MB1700_"
MIME-Version: 1.0
X-OriginatorOrg: evequefou.be
X-MS-Exchange-CrossTenant-Network-Message-Id: 54ea8ee5-1ecf-4312-6319-08d75e2ab8c1
X-MS-Exchange-CrossTenant-originalarrivaltime: 31 Oct 2019 17:49:47.4165 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 41eaf50b-882d-47eb-8c4c-0b5b76a9da8f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 37qhGcS9mBCg0qORh+Yf3nkFBpHp5spTWI0hoJKJPzKIGhlTz1lOEONAXChGkJ49S1XLGaPHcNmzn9JDOobd0g==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR2201MB1060
Received-SPF: pass client-ip=40.107.69.139; envelope-from=mbishop@evequefou.be; helo=NAM04-CO1-obe.outbound.protection.outlook.com
X-W3C-Hub-Spam-Status: No, score=-3.9
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, W3C_AA=-1, W3C_WL=-1
X-W3C-Scan-Sig: titan.w3.org 1iQEZz-0004EP-E1 83a9c823d39dc289df7e7fa336c24a3a
X-Original-To: ietf-http-wg@w3.org
Subject: RE: HTTP/2 GREASE, Results, and Implications
Archived-At: <https://www.w3.org/mid/BN6PR2201MB1700DA200AA4C756558170A6DA630@BN6PR2201MB1700.namprd22.prod.outlook.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/37090
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

Upon further investigation, it appears that Akamai hosts most of the sites where the connection gets closed, and Cloudflare hosts the sites which close the stream but leave the connection open (I’m guessing, from what the dev tools show).  Given that we’re both represented here, it seems likely that we should be able to drive some internal bugfixes and improve the state of the ecosystem.

From: Mike Bishop <mbishop@evequefou.be>
Sent: Thursday, October 31, 2019 11:57 AM
To: Lucas Pardue <lucaspardue.24.7@gmail.com>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Subject: RE: HTTP/2 GREASE, Results, and Implications

Bence’s experiment didn’t cover anything server-sent, that I’m aware of.  Of course, if Cloudflare would like to do a corresponding experiment…?  😉

From: Lucas Pardue <lucaspardue.24.7@gmail.com<mailto:lucaspardue.24.7@gmail.com>>
Sent: Thursday, October 31, 2019 11:46 AM
To: Mike Bishop <mbishop@evequefou.be<mailto:mbishop@evequefou.be>>
Cc: HTTP Working Group <ietf-http-wg@w3.org<mailto:ietf-http-wg@w3.org>>
Subject: Re: HTTP/2 GREASE, Results, and Implications


On Thu, Oct 31, 2019 at 3:14 PM Mike Bishop <mbishop@evequefou.be<mailto:mbishop@evequefou.be>> wrote:
Way back when, I presented a draft (https://tools.ietf.org/html/draft-bishop-httpbis-grease-00) proposing that we adopt as an HTTP/2 extension the same behaviors that HTTP/3 is specifying, permitting the greasing of settings and frame types.  The outcome of that discussion was that, prior to considering adoption, we’d want to understand the real-world impact of deploying such a behavior.  Bence generously volunteered to add such an experiment to Chrome, which he has done.

The results are discussed at https://crbug.com/1019410.  TL;DR:  Settings are fine, but too many servers blow up on unknown frame types for this to be viable in major client deployments.  They don’t even tell you what they don’t like – they just PROTOCOL_ERROR on you.


Thanks for the experimentation and sharing the results Mike and Bence.

Is the sense that this is symmetrically broken? Do we have data about how server-sent GREASE frames might break clients? (and if not would that move the needle at all).

Frankly, this makes me quite sad.  It means that our primary extension mechanism for HTTP/2 has already rusted shut, and it’s now inadvisable to define new optional-to-understand frame types and send them without prior negotiation.

Now that we have this data, are we interested in pursuing the draft with settings only, or perhaps reserving frame types but recommending caution in their use?

This indeed has some practical implications to active work in the group. I can see how there might be some merit in capturing this situation, along with some guidance, in a draft that can be reference by people making HTTP/2 extensions.

Based on my experience of HTTP/3 interop to date, we are doing pretty well with GREASE perhaps it is time to capture this in the matrix. I'd also like to highlight that today the Cloudflare edge exercises all HTTP/3 grease mechanisms* for all connections.

* unidirectional stream type GREASE is sent when sufficient stream credit is provided by the client e.g. more than 3