Re: Working Group Last Call for draft-ietf-httpbis-tunnel-protocol

"Adrien de Croy" <adrien@qbik.com> Wed, 25 March 2015 21:18 UTC

From: Adrien de Croy <adrien@qbik.com>
To: Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
Date: Wed, 25 Mar 2015 21:12:38 +0000

This issue has been raised before, but I wasn't aware of a satisfactory 
resolution.

The target of this header is a proxy.  It is proxies that set up 
tunnels.

The feedback from proxy vendors on this proposed header seems to have 
been largely ignored.

If I see

Tunnel-Protocol: smtp

Then I can presume it's either smtp or that there's a TLS layer in there 
as well, and if I want to know, then I have to sniff for a client hello 
packet.  There is therefore what seems to be a deliberate ambiguity put 
into this spec which can only be resolved by sniffing.

The stated purpose of the spec is to allow perhaps prioritisation of 
traffic or something.  But any proxy interested in security (which they 
all are) is not going to blindly take an assertion from a client that it 
cannot verify and use that as a basis for allocation of priority 
resource.

As for the assertion that "proxies do not implement the tunneled 
protocol", well.... what can I say to that? What if they do? It doesn't 
look like normative language to me. Proxies commonly actually DO 
implement such tunneled protocols.

So I can only see this header going into the strip and ignore bucket.  I 
just hope it doesn't create too much confusion further on in time.

Adrien de Croy


------ Original Message ------
From: "Mark Nottingham" <mnot@mnot.net>
To: "HTTP Working Group" <ietf-http-wg@w3.org>
Sent: 25/03/2015 3:24:59 p.m.
Subject: Working Group Last Call for draft-ietf-httpbis-tunnel-protocol

>Everyone,
>
>As discussed in the WG meeting today, we don't have any open issues for 
>this product, so I believe it's ready.
>
>Therefore, this is the announcement of WGLC for:
>   http://tools.ietf.org/html/draft-ietf-httpbis-tunnel-protocol-02
>
>Please review the document carefully, and comment on this list.
>
>WGLC will end on 10 April 2015 (I'm leaving a bit extra because this is 
>an IETF week).
>
>Cheers,
>
>
>--
>Mark Nottingham https://www.mnot.net/
>
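
The ambiguity described in the message above, sketched as an added example (not part of the original e-mail, the draft, or any proxy product): the proxy reads the client's Tunnel-Protocol claim, then inspects the first client bytes for a TLS ClientHello, since the claim alone does not say whether a TLS layer is present. Function names, host names and sample bytes are constructed for illustration.

```python
import struct

# Constructed sample inputs (not captured traffic).
SAMPLE_CONNECT = (b"CONNECT mail.example.com:587 HTTP/1.1\r\n"
                  b"Host: mail.example.com:587\r\n"
                  b"Tunnel-Protocol: smtp\r\n\r\n")
SAMPLE_CLIENT_HELLO = bytes.fromhex("160301002f0100002b0303")  # start of a record
SAMPLE_SMTP = b"EHLO client.example\r\n"

def tunnel_protocol_claim(connect_request):
    """Return the client's Tunnel-Protocol value, or None if absent."""
    head = connect_request.split(b"\r\n\r\n", 1)[0]
    for line in head.split(b"\r\n")[1:]:      # skip the request line
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"tunnel-protocol":
            return value.strip().decode("ascii", "replace")
    return None

def observed_layer(first_bytes):
    """Classify the first client bytes: 'tls', 'not-tls' or 'undetermined'."""
    if len(first_bytes) < 6:
        return "undetermined"                 # record header + handshake type not yet read
    rec_type, major, _minor, rec_len = struct.unpack("!BBBH", first_bytes[:5])
    is_hello = (rec_type == 0x16              # TLS handshake record
                and major == 0x03             # SSL 3.0 / TLS 1.x record version
                and 0 < rec_len <= 16384      # TLS plaintext record limit (2^14)
                and first_bytes[5] == 0x01)   # handshake type client_hello
    return "tls" if is_hello else "not-tls"

def classify_tunnel(connect_request, first_bytes):
    """Pair the unverifiable claim with what the proxy actually saw."""
    return tunnel_protocol_claim(connect_request), observed_layer(first_bytes)
```

With the same `Tunnel-Protocol: smtp` claim, `classify_tunnel` yields `("smtp", "tls")` for the ClientHello sample and `("smtp", "not-tls")` for the EHLO sample, so any policy decision has to rest on the observed value.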