Re: [Moderator Action] Kathleen Moriarty's Discuss on draft-ietf-httpbis-tunnel-protocol-04: (with DISCUSS and COMMENT)

Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Wed, 10 June 2015 08:06 UTC

To: Martin Thomson <martin.thomson@gmail.com>
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
In-Reply-To: <CABkgnnW4EUhE+GTfm-N-GT9b_uh-nnZ7Ou__7C7ahRZYARekaA@mail.gmail.com>
Resent-From: Yves Lafon <ylafon@w3.org>
Date: Wed, 10 Jun 2015 02:26:11 +0000
Cc: The IESG <iesg@ietf.org>, httpbis-chairs@ietf.org, Mark Nottingham <mnot@mnot.net>, draft-ietf-httpbis-tunnel-protocol.shepherd@ietf.org, draft-ietf-httpbis-tunnel-protocol.ad@ietf.org, draft-ietf-httpbis-tunnel-protocol@ietf.org, HTTP Working Group <ietf-http-wg@w3.org>
Resent-Date: Wed, 10 Jun 2015 10:03:14 +0200
Message-Id: <CAHbuEH5BZ7kewNsk-NCiJYfR3RbYnsqSnBugAwfZ-6=-EYkr1Q@mail.gmail.com>
References: <20150609205915.29041.3629.idtracker@ietfa.amsl.com> <CABkgnnW4EUhE+GTfm-N-GT9b_uh-nnZ7Ou__7C7ahRZYARekaA@mail.gmail.com>
Archived-At: <http://www.w3.org/mid/CAHbuEH5BZ7kewNsk-NCiJYfR3RbYnsqSnBugAwfZ-6=-EYkr1Q@mail.gmail.com>

Hi Martin,

On Tue, Jun 9, 2015 at 6:26 PM, Martin Thomson <martin.thomson@gmail.com <mailto:martin.thomson@gmail.com>> wrote:
Hi Kathleen,

I've responded separately to the secdir review.  There was a lot of
overlap between that and Stephen's review.

Yes, thank you for your response.  I'm sorry you didn't see my No Objection before responding to this as I did see the discussion and the responses shortly after issuing the discuss and changed it.

Thanks for your work on this draft.
Kathleen 


On 9 June 2015 at 13:59, Kathleen Moriarty
<Kathleen.Moriarty.ietf@gmail.com <mailto:Kathleen.Moriarty.ietf@gmail.com>> wrote:
> It seems to me that authentication relies on TLS.  Maybe stating this
> explicitly would address the concern?  Is there a reason this should be
> in the ALPN header (I'm not sure of that, just asking)?

We're not actually authenticating this stuff.  As I noted in my other
response, this is a promise that the client makes and one that the
proxy cannot enforce (because, TLS).  So the real uses for this header
field are: prioritization (move connections from slow and fat pipes to
fast and thin pipes, maybe), or early and cleaner denial.

The latter allows the proxy to quickly generate an HTTP status code
without having to do DPI or whatever other eldritch horrors they
currently are forced to do to recognize and deny things they don't
want.

The WebRTC case is interesting, because you can actually have some
assurance about the trustworthiness of the header field.  If you trust
the browsers, that is (though I'm not advocating that, browser people
are the most untrustworthy).



-- 

Best regards,
Kathleen
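The "early and cleaner denial" Martin describes, as an added example that is not part of this thread or the httpbis draft: a hypothetical proxy's CONNECT handler reads the client's ALPN header field and answers with a status code before any tunnel bytes flow. It assumes the field syntax as published in RFC 7639 (comma-separated protocol ids, non-token octets percent-encoded), a made-up allow-list policy, and the caveat from the thread that the value is only the client's declaration, not something the proxy can verify.

```python
"""Added example (not from the thread or the draft): proxy-side early denial
of a CONNECT request based on the ALPN header field (syntax per RFC 7639).
The value is the client's promise; the proxy cannot check what the TLS tunnel
later carries, so this gates declared intent, not actual behaviour."""
import re
from typing import Optional
from urllib.parse import unquote_to_bytes

# Hypothetical proxy policy: ALPN protocol ids this proxy is willing to tunnel.
# Ids are exact byte strings (ALPN ids are case-sensitive octet sequences).
ALLOWED = {b"h2", b"http/1.1", b"webrtc", b"c-webrtc"}

# One protocol-id: RFC 7230 tchar (minus '%') or a %HH percent-escape.
_PROTOCOL_ID = re.compile(rb"^(?:[!#$&'*+\-.^_`|~0-9A-Za-z]|%[0-9A-Fa-f]{2})+$")


def parse_alpn_header(value: str) -> Optional[list]:
    """Decode an ALPN field value such as 'h2, http%2F1.1' into raw ids.
    Returns None when any element is malformed (caller answers 400)."""
    ids = []
    for element in value.split(","):
        try:
            raw = element.strip().encode("ascii")
        except UnicodeEncodeError:
            return None
        if not _PROTOCOL_ID.match(raw):
            return None
        ids.append(unquote_to_bytes(raw))
    return ids


def connect_status(headers: dict) -> int:
    """Status a proxy would return for a CONNECT request with these header
    fields (constructed dict; names matched case-insensitively).
    200 = open the tunnel, 400 = malformed ALPN, 403 = policy denial."""
    alpn = next((v for k, v in headers.items() if k.lower() == "alpn"), None)
    if alpn is None:
        return 200  # no declaration; this policy still tunnels (could be 403)
    protocols = parse_alpn_header(alpn)
    if protocols is None:
        return 400
    # Deny if the client might use any protocol outside the allow-list.
    return 200 if all(p in ALLOWED for p in protocols) else 403


if __name__ == "__main__":
    # Constructed sample CONNECT header sets.
    print(connect_status({"Host": "example.com:443", "ALPN": "h2, http%2F1.1"}))  # 200
    print(connect_status({"Host": "example.com:25", "ALPN": "smtp"}))  # 403
```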