Re: Question regarding HTTP/2, SNI, and IP addresses

Martin Thomson <mt@lowentropy.net> Wed, 23 June 2021 08:52 UTC


On Wed, Jun 23, 2021, at 18:30, Stephane Bortzmeyer wrote:
> > > The TLS implementation MUST support the Server Name Indication (SNI) [TLS-EXT] extension to TLS. If the server is identified by a domain name [DNS-TERMS], clients MUST send the server_name TLS extension unless an alternative mechanism to indicate the target host is used.
> > 
> 
> What are the possible "alternative mechanisms"?

Specifically? ECH is what we were thinking, but it could be something else too.

The important part is that both endpoints agree on the name. Just like with ALPN and the choice of protocol. We don't get that for IP addresses, but only for lack of a mechanism really.
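
An added example, not part of the original message or of any implementation discussed in the thread: a client-side encoder and a server-side parser for the server_name extension, with a check that the SNI and the request authority name the same host. The ClientHello is a constructed minimal message, the function names are hypothetical, and IP literals are left out of SNI because RFC 6066 does not permit them in HostName.

```python
import ipaddress
import struct

def is_ip_literal(host):
    # IPv4/IPv6 literals (optionally bracketed) are not domain names.
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False

def sni_extension(host):
    """Encode server_name (extension type 0); empty for IP literals."""
    if is_ip_literal(host):
        return b""
    name = host.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(name)) + name  # name_type 0 = host_name
    server_name_list = struct.pack("!H", len(entry)) + entry
    return struct.pack("!HH", 0, len(server_name_list)) + server_name_list

def client_hello(host):
    """Constructed, minimal ClientHello handshake message for the demo."""
    exts = sni_extension(host)
    body = (b"\x03\x03" + bytes(32) + b"\x00"      # version, random, empty session id
            + b"\x00\x02\x13\x01" + b"\x01\x00"    # one cipher suite, null compression
            + struct.pack("!H", len(exts)) + exts)
    return b"\x01" + len(body).to_bytes(3, "big") + body

def parse_sni(hello):
    """Return the host_name carried in a ClientHello, or None if absent."""
    pos = 4 + 2 + 32                               # handshake header, version, random
    pos += 1 + hello[pos]                          # session_id
    pos += 2 + int.from_bytes(hello[pos:pos + 2], "big")  # cipher_suites
    pos += 1 + hello[pos]                          # compression_methods
    end = pos + 2 + int.from_bytes(hello[pos:pos + 2], "big")
    pos += 2
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack("!HH", hello[pos:pos + 4])
        if ext_type == 0:                          # server_name
            name_len = int.from_bytes(hello[pos + 7:pos + 9], "big")
            return hello[pos + 9:pos + 9 + name_len].decode("ascii")
        pos += 4 + ext_len
    return None

def names_agree(hello, authority):
    """Server-side check: SNI and the request authority name the same host."""
    sni = parse_sni(hello)
    host = authority if authority.startswith("[") else authority.rsplit(":", 1)[0]
    return sni is not None and sni.lower() == host.lower().rstrip(".")
```

For an IP-literal target `parse_sni` returns None, so `names_agree` has no name to compare against.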