Re: WGLC Review: Connect-TCP

Ben Schwartz <bemasc@meta.com> Thu, 11 April 2024 21:30 UTC

From: Ben Schwartz <bemasc@meta.com>
To: Mike Bishop <mbishop@evequefou.be>, HTTP Working Group <ietf-http-wg@w3.org>
Date: Thu, 11 Apr 2024 21:29:07 +0000
Subject: Re: WGLC Review: Connect-TCP
Archived-At: <https://www.w3.org/mid/SA1PR15MB43705DF1DF2D46EF58B3E3DAB3052@SA1PR15MB4370.namprd15.prod.outlook.com>

I'm happy to improve the text as suggested on all these points.

Regarding TCP RST, the argument here is that TCP connections can close cleanly or uncleanly, and that difference can be important.  The proxy needs a way to convey that information to the client.  In HTTP/2+ we have a framing layer within the protocol that can convey this distinction.  In (secure) HTTP/1.1, TLS is the framing layer, so it's logical that it should have responsibility for carrying this signal.  We could have used a TCP RST (bypassing the TLS layer) instead, but that would be less secure, less private, and prone to accidental loss by TCP middleboxes.

________________________________
From: Mike Bishop <mbishop@evequefou.be>
Sent: Thursday, April 11, 2024 5:07 PM
To: HTTP Working Group <ietf-http-wg@w3.org>
Subject: WGLC Review: Connect-TCP

Yes, I know the WGLC was a while ago, but I don’t see that we’ve submitted it yet, so here we go.



1) The direction in 3.1 to use a TLS alert from the proxy to signal TCP RSTs from the server surprises me. Is the logic here to ensure that the error is reliably delivered to the client? Maybe I missed some discussion, but it might be worth mentioning the rationale in the doc.



2) Looks like we’re missing normative references to Extended CONNECT in 3.2. That’s an easy fix. (Filed an issue for this one.)



3) The permission for optimistic data in 4.1 for HTTP/2 and HTTP/3 is “not permitted” for HTTP/1.1 for good reason; is there a reason the draft stops short of a MUST NOT?



I think the document is in good shape, and I appreciate the work everyone has put into it until now.



Thanks,

Mike Bishop
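
The clean-versus-unclean distinction discussed in this thread, seen from the proxy's side of the target connection (an added example, not code from the draft or from either poster). The function names and the loopback "target" are hypothetical, and the `SO_LINGER` packing assumes the Linux/macOS `struct linger` layout.

```python
import socket
import struct
import threading

def _target(listener, abort):
    """Constructed stand-in for the TCP target: accept once, send, close."""
    conn, _ = listener.accept()
    conn.sendall(b"partial response")
    if abort:
        # Linger enabled with a zero timeout: close() emits RST instead of FIN.
        conn.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER,
                        struct.pack("ii", 1, 0))
    conn.close()

def relay_until_close(upstream):
    """Proxy read loop: return (bytes relayed, how the target closed)."""
    relayed = b""
    while True:
        try:
            chunk = upstream.recv(4096)
        except ConnectionResetError:
            return relayed, "unclean"   # target sent RST
        if not chunk:
            return relayed, "clean"     # target sent FIN
        relayed += chunk

# What the proxy then conveys to an HTTP/1.1-over-TLS client, per the thread.
# The strings are descriptive labels, not text from the draft.
SIGNAL = {
    "clean": "TLS close_notify, then close",
    "unclean": "TLS alert (not a bare TCP RST)",
}

def observe(abort):
    """Run one constructed target on loopback and classify its closure."""
    listener = socket.create_server(("127.0.0.1", 0))
    worker = threading.Thread(target=_target, args=(listener, abort))
    worker.start()
    upstream = socket.create_connection(listener.getsockname(), timeout=5)
    try:
        return relay_until_close(upstream)
    finally:
        upstream.close()
        worker.join()
        listener.close()

if __name__ == "__main__":
    for abort in (False, True):
        data, kind = observe(abort)
        print(f"abort={abort}: {len(data)} bytes relayed, {kind} -> {SIGNAL[kind]}")
```

In the RST case the bytes relayed before the reset may or may not arrive, which is part of why the client needs an explicit signal that the stream ended uncleanly.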