Re: Working Group Last Call: draft-ietf-httpbis-http2-tls13-00

Mark Nottingham <mnot@mnot.net> Sun, 15 September 2019 04:10 UTC

Folks, please have a read of the diff below, and say whether or not it addresses the WGLC comments. WGLC will end later this week.

Cheers,


> On 14 Sep 2019, at 8:51 am, David Benjamin <davidben@chromium.org> wrote:
> 
> I've now uploaded draft-ietf-httpbis-http2-tls13-01 which includes that PR.
> 
> https://tools.ietf.org/html/draft-ietf-httpbis-http2-tls13-01 (link doesn't work as of writing but presumably will work later)
> https://www.ietf.org/id/draft-ietf-httpbis-http2-tls13-01.txt
> https://www.ietf.org/rfcdiff?url2=draft-ietf-httpbis-http2-tls13-01
> 
> On Wed, Sep 11, 2019 at 8:34 PM David Benjamin <davidben@chromium.org> wrote:
> On Mon, Sep 9, 2019 at 1:52 PM Mike Bishop <mbishop@evequefou.be> wrote:
> Giving this document a re-read, I take some issue with one wording choice that seems to be consistent throughout:
> ~~~
>    The former shares the same problems with multiplexed protocols, but
>    has a different name.  This makes it ambiguous whether post-handshake
>    authentication is allowed in TLS 1.3.
> 
>    This document clarifies that the prohibition applies to post-
>    handshake authentication but not to key updates.
> ~~~
> It's not at all ambiguous whether the prohibitions in RFC7540 apply to TLS 1.3 -- they don't. "Deployments of HTTP/2 that negotiate TLS 1.3 or higher need only support and use the SNI extension; deployments of TLS 1.2 are subject to the requirements in the following sections." The sections you're discussing are very explicitly excluded from covering TLS 1.3.
> 
> Aha! Somehow I'd missed that sentence. Thanks! I've applied MT's suggestion and then reworded the document accordingly in https://github.com/httpwg/http-extensions/pull/929.
>  
> But the reasons for them still apply, so you're here defining those prohibitions against the new world of TLS 1.3.  This isn't a clarification of anything formerly ambiguous, but a new definition in the same spirit and for the same reason.
> 
> The requirements themselves, I support.
> 
> -----Original Message-----
> From: Mark Nottingham <mnot@mnot.net> 
> Sent: Wednesday, September 4, 2019 11:16 PM
> To: HTTP Working Group <ietf-http-wg@w3.org>
> Cc: Tommy Pauly <tpauly@apple.com>; Patrick McManus <mcmanus@ducksong.com>
> Subject: Working Group Last Call: draft-ietf-httpbis-http2-tls13-00
> 
> David indicates that he thinks we're ready for WGLC on this document:
> 
>  https://tools.ietf.org/html/draft-ietf-httpbis-http2-tls13-00
> 
> Please have a look through and bring up any issues here or on the issues list, and please indicate support (or lack thereof) for advancement on the mailing list. If you are implementing or intend to implement the specification, that would be useful information for us.
> 
> WGLC will end on 19 September.
> 
> Cheers,
> 
> --
> Mark Nottingham   https://www.mnot.net/
> 
> 
> 

--
Mark Nottingham   https://www.mnot.net/