IETF Logo Mail Archive

Re: #385: HTTP2 Upgrade / Negotiation

William Chan (陈智昌) <willchan@chromium.org> Tue, 23 October 2012 02:35 UTC

Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5575D1F0C8A for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 22 Oct 2012 19:35:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.677
X-Spam-Level:
X-Spam-Status: No, score=-9.677 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1WDODBIV6K42 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 22 Oct 2012 19:35:04 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) by ietfa.amsl.com (Postfix) with ESMTP id EE4E31F0C54 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Mon, 22 Oct 2012 19:35:03 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.72) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1TQUJM-0008PD-S7 for ietf-http-wg-dist@listhub.w3.org; Tue, 23 Oct 2012 02:33:44 +0000
Resent-Date: Tue, 23 Oct 2012 02:33:44 +0000
Resent-Message-Id: <E1TQUJM-0008PD-S7@frink.w3.org>
Received: from maggie.w3.org ([128.30.52.39]) by frink.w3.org with esmtp (Exim 4.72) (envelope-from <willchan@google.com>) id 1TQUJE-0008Lu-JI for ietf-http-wg@listhub.w3.org; Tue, 23 Oct 2012 02:33:36 +0000
Received: from mail-qa0-f50.google.com ([209.85.216.50]) by maggie.w3.org with esmtps (TLS1.0:RSA_ARCFOUR_SHA1:16) (Exim 4.72) (envelope-from <willchan@google.com>) id 1TQUJD-0008Tb-9Z for ietf-http-wg@w3.org; Tue, 23 Oct 2012 02:33:36 +0000
Received: by mail-qa0-f50.google.com with SMTP id t11so67511qaa.2 for <ietf-http-wg@w3.org>; Mon, 22 Oct 2012 19:33:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type :content-transfer-encoding:x-system-of-record; bh=1z7bprnBfDLAIGQckjQ9lBfgQbnNsHd8UDL6SOcj6SY=; b=ZKxHBtEPi5PEM6C+JtJvIBjpirSXHaO59v0Bys1d1IAlskCuZAsDCxaFKUe47ecCz6 +l0yl8P9Mb0OuEG5Zc/AU0ad3iZM2ZnQ5Uc2/CJHUuSHoTOGmiZKBpyZ2zujl/gEdtou iF4JjJ6O3suN5+5MjPLU0OeGNobeXbcluiItU0NJUzcear5JjT1PJAfujWbFaPWc1Qme rWeexaG0p/dV689hL+8Ufl/WSItvpMwiULVW6AOtYMvWcZzKsiV/OmcD3QqvX/6x16n7 ndwZ2IX/YG+RXDcJfW2N50wm2gvNxzv4N+X03sS35XTaDbvGymXsozDKzLxQUBDclfa4 dnlg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type :content-transfer-encoding:x-system-of-record:x-gm-message-state; bh=1z7bprnBfDLAIGQckjQ9lBfgQbnNsHd8UDL6SOcj6SY=; b=jTgm521R/pIp0xuIHRyxqPQzowq3smGpWZEI0v2isDYke7CU+EGkgR/owme6LtZGO7 b1qKZvW8OmTxJsS6Qa3uwQ4oFIF+7Dsd+mcZyp45HN5wGR5n29JJ3GXFR6IrE1B6g3CJ RLtAsGBPv5ArbnSj7EYKSu6zERFGg7C3LAq2xSjVv3ld6UAjoPPvP4lVSnieoxlWCTCz lUh1McV0vwCJIRiz8EaYx9zqd49mu4jr/F1d2EdLfsEAI+puH1BXIGPu765tZTdOz4ll b7IDCYpk3Gyeg2S7ndngAwzaTMFOzicWmUqVEGiSKnvhe+avvdBWiWgYEryv+IoDW/Xe g94Q==
MIME-Version: 1.0
Received: by 10.49.29.194 with SMTP id m2mr6065749qeh.61.1350959589170; Mon, 22 Oct 2012 19:33:09 -0700 (PDT)
Sender: willchan@google.com
Received: by 10.229.195.65 with HTTP; Mon, 22 Oct 2012 19:33:09 -0700 (PDT)
In-Reply-To: <37965570-0B05-4928-A04F-82B8C8C5E74A@mnot.net>
References: <37965570-0B05-4928-A04F-82B8C8C5E74A@mnot.net>
Date: Mon, 22 Oct 2012 19:33:09 -0700
X-Google-Sender-Auth: s0r8acH2-_i0i9K4L4-wjKpclU8
Message-ID: <CAA4WUYjBv0GAtFGONt1AxX7_gxFg1OKynrt3a-Dx0QacJxr=UA@mail.gmail.com>
From: "William Chan (陈智昌)" <willchan@chromium.org>
To: Mark Nottingham <mnot@mnot.net>
Cc: "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
X-System-Of-Record: true
X-Gm-Message-State: ALoCoQnvOJPfEYphpO+iXC852u9ErkRSv0bUBOwGNKqd8UV95HlYi0QJXggfWYUn45wqNm5GRbioPXqyrF2q/quHR7/6kwAdp43qmiXrzrYGesIR8qpPqFDYqGbSWfWWNtGtgmKUsiFharBEo1Eb/0je8cc6TLRTNfv9SHzolMStK6xjNHtnSBYpgvm75/KsWg9/ySTlVqq6
Received-SPF: pass client-ip=209.85.216.50; envelope-from=willchan@google.com; helo=mail-qa0-f50.google.com
X-W3C-Hub-Spam-Status: No, score=-4.8
X-W3C-Hub-Spam-Report: AWL=-1.450, BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.735, SPF_PASS=-0.001
X-W3C-Scan-Sig: maggie.w3.org 1TQUJD-0008Tb-9Z 8e1ffe39cddaea3fa8daa17e3525c848
X-Original-To: ietf-http-wg@w3.org
Subject: Re: #385: HTTP2 Upgrade / Negotiation
Archived-At: <http://www.w3.org/mid/CAA4WUYjBv0GAtFGONt1AxX7_gxFg1OKynrt3a-Dx0QacJxr=UA@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/15412
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

Overall, sounds good. I've included some clarifications/questions below.

On Mon, Oct 22, 2012 at 7:03 PM, Mark Nottingham <mnot@mnot.net> wrote:
> <http://trac.tools.ietf.org/wg/httpbis/trac/ticket/385>
>
> This issue is how we upgrade from 1.x to 2.x. I'd suggest we consider the issue in two parts, for HTTPS URIs and HTTP URIs. Furthermore, we need to figure out how we'll identify the protocol that's in use as we develop it.
>
> HTTPS URIs
> ==========
>
> Based on previous discussion and our charter, I think the path forward for negotiating HTTP/2.0 for https:// URIs is pretty clear; we need to make a request to the TLS Working Group, asking for a in-protocol negotiation mechanism for the "next" protocol to use.
>
> The question for us right now is what requirements we want to place upon that work. Currently, I have:
>
> ---8<---
> TLS Working Group Chairs,
>
> This is a request from the HTTPbis Working Group for you to commence work upon a mechanism that allows clients and servers to negotiate the particular application protocol to use once the session is established.
>
> Our use case is for HTTP/2.0 in conjunction with HTTP URIs; rather than defining a new port, which incurs both performance and deployment penalties, a negotiation mechanism would allow for better deployment of HTTP/2.0 for HTTPS URIs.
>
> We would expect such a mechanism to allow the client and server to negotiate the use of one of potentially many such protocols (in our case, HTTP/1.x and HTTP/2.x), identified by tokens, and falling back to a default for the port in use (in our case, HTTP/1.x) when either side doesn't support negotiation, or an agreement can't be found.
>
> We also note existing work in this area:
>   http://tools.ietf.org/html/draft-agl-tls-nextprotoneg-04
>
> The HTTPbis Working Group will be happy to coordinate schedules, review drafts and provide further input as required.
>
> --->8---
>
> Does anyone have further input? I'd like to get the request to the TLS WG very soon.
>
>
> HTTP URIs
> =========
>
> For HTTP URIs, the field is much more open.
>
> I think the basic requirement is that it be possible to negotiate use of:
>   - HTTP/1.x
>   - HTTP/2.x
>   - HTTP/2.x over TLS, possibly with caveats around cert checking, etc.
>
> for HTTP URIs. Note that we may or may not define the third "mode", but the negotiation mechanism needs to be able to accommodate it, as per our charter.
>
> There are a *lot* of ways this could happen.
>
> One suggestion has been made by Gabriel and Willy:
>   http://tools.ietf.org/html/draft-montenegro-httpbis-http2-negotiation-00
> ... which is basically a good explanation of how HTTP Upgrade was intended to work. Notably, it does not introduce a roundtrip.
>
> One of the major perceived issues with this approach is interference by broken proxies (i.e., those that don't honour the hop-by-hop status of Upgrade).
>
> I know that some experiments were done with this in the HYBI work, but I'd like to do some more, to get an idea if it's possible to mitigate some of this risk (e.g., by sending "Connection: Upgrade"). Based upon that, we can make an informed decision about this approach.
>
> Who's willing to do some experimentation? Specifically, does anyone have access to the code that was used before (IIRC, people bought some ads and inserted some Java to probe the network)?

Do you mean the Chromium HTTP upgrade experiment agl referred to in
http://www.ietf.org/mail-archive/web/tls/current/msg05593.html?

>
> Other approaches suggested as alternates and/or compliments to this include:
>
> 1) Using a SRV (or other DNS) record. There seems to be a fair amount of interest in this from the browser implementers; the only resistance seems to be around how hard this would be to deploy, but if it's not the only mechanism for upgrading to HTTP/2, it shouldn't be a concern.
>
> Presumably, we'd define a default port for HTTP/2-only communication when used in conjunction with this, so that firewalls would know to open it, etc.
>
> Does anyone object to us defining such a record (type TBD), as long as it's not the only way to get to HTTP/2 for HTTP URIs?

I'm not sure if my previous emails were taken to indicate "interest"
here. I forget what I said too :) As long as this is more of an
optional optimization than anything, I guess I'm OK with it. I'm very
much concerned about relying on it, due to experiments we have run
with TXT records that show us noticeably higher failure rates in
comparison to port 443, higher latency (we'd definitely have to race
this), and extra DNS queries.

>
> 2) Using a response header to hint that HTTP/2 is available on another port.
>
> This approach hasn't been talked about in detail yet, but it apparently (as some have noted) has the disadvantage of not upgrading the first interaction, and of requiring a separate cache (and caching model) for this information.

Just to be clear, SRV records also have the disadvantage of not
upgrading the first interaction, unless you block on the response,
which Chromium definitely is not going to do unless the environment
changes such that it doesn't kill performance.

>
> Who wants to pursue this approach? If so, we need a small proposal written, preferably as an I-D, but an e-mail would do.
>
> And, are there any other approaches we want to put on the table?
>
>
> Identifying The Protocol in Development
> ===============================
>
> Finally, I'd like to make sure we understand how we're going to identify this protocol as we move forward.
>
> The NPN, Upgrade and Alternate-Protocol approaches all (should, if we go there) use a token to identify the protocol being upgraded to, meaning that we'll be able to do something like
>
>   http2-draft-3
>   http2-draft-5
>
> when negotiating the protocol while we're developing it; as long as implementations deploy the latest version and perhaps the one before it, they should be able to interoperate, and fall back to HTTP/1 if not. The browsers have used this approach for SPDY, and it seemed to work well.
>
> To me, this implies that if we define a DNS-based mechanism to hint upgrade, it should have a similar capability, so we can reuse those tokens and this approach there too. Make sense?
>
> Concurrently, the SPDY draft uses 15 bits to identify the protocol in use. Provided we get the upgrade mechanism right, I'm less concerned about this, but it would be good if the messages were self-describing, so we should figure out what the appropriate values to put in here are too. And, maybe saving a few bits too.
>
> Cheers,
>
>
> --
> Mark Nottingham   http://www.mnot.net/
>
>
>
>

v2.23.0 | Report a Bug | By Email