IETF Logo Mail Archive

Re: Kathleen Moriarty's Discuss on draft-ietf-httpbis-tunnel-protocol-04: (with DISCUSS and COMMENT)

Martin Thomson <martin.thomson@gmail.com> Tue, 09 June 2015 22:29 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 587C91A6F0B for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Tue, 9 Jun 2015 15:29:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.412
X-Spam-Level:
X-Spam-Status: No, score=-6.412 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, J_CHICKENPOX_61=0.6, RCVD_IN_DNSWL_HI=-5, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0reX7j0gRssU for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Tue, 9 Jun 2015 15:29:24 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 31ECE1A6F04 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Tue, 9 Jun 2015 15:29:24 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.80) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1Z2Ryc-0004Z6-Bs for ietf-http-wg-dist@listhub.w3.org; Tue, 09 Jun 2015 22:26:34 +0000
Resent-Date: Tue, 09 Jun 2015 22:26:34 +0000
Resent-Message-Id: <E1Z2Ryc-0004Z6-Bs@frink.w3.org>
Received: from maggie.w3.org ([128.30.52.39]) by frink.w3.org with esmtps (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <martin.thomson@gmail.com>) id 1Z2RyV-0004YL-J2 for ietf-http-wg@listhub.w3.org; Tue, 09 Jun 2015 22:26:27 +0000
Received: from mail-yh0-f54.google.com ([209.85.213.54]) by maggie.w3.org with esmtps (TLS1.2:RSA_ARCFOUR_SHA1:128) (Exim 4.80) (envelope-from <martin.thomson@gmail.com>) id 1Z2RyU-0002f6-9S for ietf-http-wg@w3.org; Tue, 09 Jun 2015 22:26:27 +0000
Received: by yhid80 with SMTP id d80so13155492yhi.1 for <ietf-http-wg@w3.org>; Tue, 09 Jun 2015 15:26:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=v8cw7vQ4JU+t+6ohrqBVmPksyNVXBGTu+v/f9NwXuUQ=; b=JgurYwju8I9R55SAXGSBi/TwVJV4yrzktAb7+sRmrySLMvEhdav6Isa1VE9dVhBK0k 1tyZ3Lx+9R2a+sssKxSKXDde2SyW7U1yXcegib3sDVkoLwP+T+uITy3g/EQVHYY4O85+ bpfRo6rh4OuFs5RjXF8y3odVRXROU0Taj+lWHC8vffAkyFhjlhtakkFgurN63ckWjnzN +StSat1ZCPja1x+DbxiPrzrGmzKlf2ely368UQRY5YHewAYITjc2kNDzbEgRSh+gQXLS Xav3thYK3TOv6DahIdUo7Vp5Cj9UikYp6PqomO3VWNGKozOV7mG5qiMxWWpVW/6pGePW 0eQw==
MIME-Version: 1.0
X-Received: by 10.13.247.3 with SMTP id h3mr19552ywf.154.1433888760481; Tue, 09 Jun 2015 15:26:00 -0700 (PDT)
Received: by 10.129.110.138 with HTTP; Tue, 9 Jun 2015 15:26:00 -0700 (PDT)
In-Reply-To: <20150609205915.29041.3629.idtracker@ietfa.amsl.com>
References: <20150609205915.29041.3629.idtracker@ietfa.amsl.com>
Date: Tue, 09 Jun 2015 15:26:00 -0700
Message-ID: <CABkgnnW4EUhE+GTfm-N-GT9b_uh-nnZ7Ou__7C7ahRZYARekaA@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>
Cc: The IESG <iesg@ietf.org>, httpbis-chairs@ietf.org, Mark Nottingham <mnot@mnot.net>, draft-ietf-httpbis-tunnel-protocol.shepherd@ietf.org, draft-ietf-httpbis-tunnel-protocol.ad@ietf.org, draft-ietf-httpbis-tunnel-protocol@ietf.org, HTTP Working Group <ietf-http-wg@w3.org>
Content-Type: text/plain; charset="UTF-8"
Received-SPF: pass client-ip=209.85.213.54; envelope-from=martin.thomson@gmail.com; helo=mail-yh0-f54.google.com
X-W3C-Hub-Spam-Status: No, score=-7.9
X-W3C-Hub-Spam-Report: AWL=1.839, BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, W3C_AA=-1, W3C_DB=-1, W3C_IRA=-1, W3C_IRR=-3, W3C_WL=-1
X-W3C-Scan-Sig: maggie.w3.org 1Z2RyU-0002f6-9S 20c0a8c9b9365c2bcc3396664b82d3ad
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Kathleen Moriarty's Discuss on draft-ietf-httpbis-tunnel-protocol-04: (with DISCUSS and COMMENT)
Archived-At: <http://www.w3.org/mid/CABkgnnW4EUhE+GTfm-N-GT9b_uh-nnZ7Ou__7C7ahRZYARekaA@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/29733
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

Hi Kathleen,

I've responded separately to the secdir review.  There was a lot of
overlap between that and Stephen's review.

On 9 June 2015 at 13:59, Kathleen Moriarty
<Kathleen.Moriarty.ietf@gmail.com> wrote:
> It seems to me that authentication relies on TLS.  Maybe stating this
> explicitly would address the concern?  Is there a reason this should be
> in the ALPN header(I'm not sure of that, just asking)?

We're not actually authenticating this stuff.  As I noted in my other
response, this is a promise that the client makes and one that the
proxy cannot enforce (because, TLS).  So the real uses for this header
field are: prioritization (move connections from slow and fat pipes to
fast and thin pipes, maybe), or early and cleaner denial.

The latter allows the proxy to quickly generate an HTTP status code
without having to do DPI or whatever other eldritch horrors they
currently are forced to do to recognize and deny things they don't
want.

The WebRTC case is interesting, because you can actually have some
assurance about the trustworthiness of the header field.  If you trust
the browsers, that is (though I'm not advocating that, browser people
are the most untrustworthy).

v2.23.0 | Report a Bug | By Email