Re: Time to refresh HTTP/2?

Cory Benfield <> Mon, 31 August 2020 06:50 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 06DF23A0FB8 for <>; Sun, 30 Aug 2020 23:50:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.649
X-Spam-Status: No, score=-2.649 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.249, MAILING_LIST_MULTI=-1, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id yAHVLiHebl8u for <>; Sun, 30 Aug 2020 23:50:43 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 0D94D3A0FA7 for <>; Sun, 30 Aug 2020 23:50:42 -0700 (PDT)
Received: from lists by with local (Exim 4.92) (envelope-from <>) id 1kCdbK-0004nW-8F for; Mon, 31 Aug 2020 06:47:34 +0000
Resent-Date: Mon, 31 Aug 2020 06:47:34 +0000
Resent-Message-Id: <>
Received: from ([]) by with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <>) id 1kCdbH-0004ml-G5 for; Mon, 31 Aug 2020 06:47:31 +0000
Received: from ([2a00:1450:4864:20::42c]) by with esmtps (TLS1.3:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.92) (envelope-from <>) id 1kCdbF-00071y-Tx for; Mon, 31 Aug 2020 06:47:31 +0000
Received: by with SMTP id a17so3894638wrn.6 for <>; Sun, 30 Aug 2020 23:47:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20150623; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=SoYpwRtvJeJihOUWZgBphOvyYkL/X7lbv89V/HVUfbI=; b=CbqiNXNL2/1xFmgtX8dXn3LI7tBDFDKtyTbw3QKVdCCn4V7/IA7Xte40d4MnmJEafa A7Pk2Lq1BsQI2unLmXLWr09W4BYGjk1AtVPw5tFj4XIaZ9ag3KiTxR5V3diK6lUYQ2aO fBlIrgk6sFPBIgXzHbfL8Q/L8pK0EE3adDVd4I0DWky+9NMT7AStnLs7G3fPZ1Z9yV5U gOK6WWf4FzxQ7JRZ/NYT9u2YAoyxq5hjOlNfhS2w46rHlO6y4SkRfzMEGtkD24/RPoF3 /wlHgciOXrTaSFupZ4G85fPrjU5fCRZ0R8plhUZVeA8w0Nf2m4jvqXV6tCqvk1w2IuaA h+wA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=SoYpwRtvJeJihOUWZgBphOvyYkL/X7lbv89V/HVUfbI=; b=VDTFfWR8ZASjIAymxAS9aENB+fRFLIpWwOlQOo3nvmH9Q73xlfyhAHik7WAUKqCJjb j/5QIv+j2/jXWBJwnhapz8dtKUMIkj7kU6dyO7rQMDOOnW7eQDxwZ6gc6PGZuFaql9NM B3XoBxzBw0XzrphFmvoR6TO2phyYvZHpv1dmYhPR/5N/vB4qq8HTU+eWw1IkcCaoCj7O e0lQiL0FYnG/NT++IWU58EEsG4M2uHOY7PmnLkKtsP1Y2FjJLKUSBUVM7JUPcRPSiDjc 6gSf1/gZqEqQIcx+T4btogU86i/S6rzKokh/Uz157WSDM6SKm2z7OLfvp8qvkA3ygaw4 XFMA==
X-Gm-Message-State: AOAM533meyduR0rzsOKz4/v7LLUdQuF4xQzlh7UOrckMafUQrUq9B0un 2DrSR7BdixYC1Nlm0BOOgwNVt1aN8wF3L+Cu
X-Google-Smtp-Source: ABdhPJzkD62aUxdjJ2edCYuYNnlSfKj1+MXGEVqwABEDceBL5TJB7zfP0+WlsIlGOWMIDZcq2Ba0FA==
X-Received: by 2002:a5d:4ccb:: with SMTP id c11mr150940wrt.159.1598856438472; Sun, 30 Aug 2020 23:47:18 -0700 (PDT)
Received: from heimdall.localdomain ( []) by with ESMTPSA id h8sm10662191wrw.68.2020. (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Sun, 30 Aug 2020 23:47:17 -0700 (PDT)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.\))
From: Cory Benfield <>
In-Reply-To: <>
Date: Mon, 31 Aug 2020 07:47:16 +0100
Cc: Martin Thomson <>, Mark Nottingham <>,
Content-Transfer-Encoding: quoted-printable
Message-Id: <>
References: <> <> <> <>
To: Willy Tarreau <>
X-Mailer: Apple Mail (2.3608.
Received-SPF: pass client-ip=2a00:1450:4864:20::42c;;
X-W3C-Hub-Spam-Status: No, score=-3.9
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, W3C_AA=-1, W3C_WL=-1
X-W3C-Scan-Sig: 1kCdbF-00071y-Tx 5a69932e682edcb463ec22fb95a30c79
Subject: Re: Time to refresh HTTP/2?
Archived-At: <>
X-Mailing-List: <> archive/latest/37976
Precedence: list
List-Id: <>
List-Help: <>
List-Post: <>
List-Unsubscribe: <>

> On 31 Aug 2020, at 06:30, Willy Tarreau <> wrote:
> Hi Martin,
> On Mon, Aug 31, 2020 at 10:10:20AM +1000, Martin Thomson wrote:
>>> Am 28.08.2020 um 13:27 schrieb Willy Tarreau:
>>> +1 as well. Wouldn't it be an opportunity to also reference (or even merge)
>>> the extensions such as RFC8441 which adds the ":protocol" pseudo-header ?
>> I tend to think that 8441 wouldn't make the cut; it's discrete in the same
>> way that the ORIGIN or ALTSVC frames are.
> I was thinking about this because the initial rules for :method/:authority/
> :path/etc were pretty strict and resulted in some hard-coded checks in the
> code I wrote, to the point that every time I thought "I really need to work
> on relaxing this to cover 8441", the number of changes in sight made me lazy.
> I'm fine with just a sentence indicating that these ones may be altered by
> extensions, with a link to 8441 as an example of such.

Yeah, I’m with Willy: I think we need _some_ wording here to address RFC7540 §

>   Endpoints MUST NOT
>   generate pseudo-header fields other than those defined in this
>   document.

This MUST NOT feels stronger than it is, due to fact that § 5.5 gives explicit permission to change these MUST NOT statements. Suitable text would probably just indicate that endpoints MUST NOT generate non-7540 pseudo-header fields except by negotiation with the peer (e.g. via SETTINGS), but that HTTP/2 does support extending in this form.

>> Just to add to the list:
>> * midders (or multiple trailers or whatever they are) are something I'm still uncertain about
>> * a re-design that included better 0-RTT design is probably off the table
>> * removing h2c is very tempting, with similar rationale to PRIORITY

Of this list the only thing I’m really tempted to add is removing h2c, and I don’t know whether that’s just because removing stuff is great. So I don’t think I’d lose any sleep if we left all of these changes out, at least for now.