SNI Extension for Alt-Svc

Mike Bishop <mbishop@evequefou.be> Thu, 30 November 2017 18:07 UTC

From: Mike Bishop <mbishop@evequefou.be>
To: Lucas Pardue <Lucas.Pardue@bbc.co.uk>
CC: Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>, Patrick McManus <mcmanus@ducksong.com>
Date: Thu, 30 Nov 2017 17:56:58 +0000
Message-ID: <MWHPR08MB243210349ABEB2B0E48123E0DA380@MWHPR08MB2432.namprd08.prod.outlook.com>
Subject: SNI Extension for Alt-Svc
Archived-At: <https://www.w3.org/mid/MWHPR08MB243210349ABEB2B0E48123E0DA380@MWHPR08MB2432.namprd08.prod.outlook.com>

I was already planning to spin up a thread on that draft today, so thanks for deciding what I'm doing next today!  😉  Forking a separate thread.
WG, https://tools.ietf.org/html/draft-bishop-httpbis-sni-altsvc-00 proposes a new parameter for Alt-Svc suggesting that a client use a different (presumably generic) hostname in the TLS SNI extension, and instead gain Alt-Svc "reasonable assurances" by requesting the origin's certificate via Secondary Certificates (which is currently under Call for Adoption).  It gives a solution, albeit HTTP-specific, to SNI privacy by providing a discoverability path for which generic hostname can be used to reach a more sensitive origin under encryption.
As to the frame reference, I intentionally didn't reference which protocol, in part because Alt-Svc itself says it can be carried by various mechanisms and the definition of an Alt-Svc extension doesn't need to get into that layer.  The Alt-Svc frame for HTTP/QUIC is specified by https://tools.ietf.org/html/draft-bishop-httpbis-altsvc-quic-00.  While frames are present in both HTTP/2 and HTTP/QUIC, I don't think that makes frames a generic HTTP concept -- it's a property of certain mappings, and specified individually in each of them.
-----Original Message-----
From: Lucas Pardue [mailto:Lucas.Pardue@bbc.co.uk]
Sent: Thursday, November 30, 2017 2:13 AM
To: Mike Bishop <mbishop@evequefou.be>; ilariliusvaara@welho.com
Cc: Mark Nottingham <mnot@mnot.net>; HTTP Working Group <ietf-http-wg@w3.org>; Patrick McManus <mcmanus@ducksong.com>
Subject: RE: DRAFT: more details for HTTPtre
Hi Mike,
The connection coalescing case is interesting as it's not currently described in HTTP/QUIC. Presumably by oversight or time constraint rather than intent. (We've got a ticket open tracking that one.)
Changing track, I've just seen your SNI I-D

https://tools.ietf.org/html/draft-bishop-httpbis-sni-altsvc-00
References to Frames don't state a specific mapping (HTTP/2 or HTTP/QUIC). Reading between the lines this seems intentional, which got me thinking that Frames could also be described as a new HTTP semantic for binary-capable wire formats.

Lucas

________________________________________
From: Mike Bishop [mbishop@evequefou.be]
Sent: 28 November 2017 18:32
To: Lucas Pardue; ilariliusvaara@welho.com
Cc: Mark Nottingham; HTTP Working Group; Patrick McManus
Subject: RE: DRAFT: more details for HTTPtre

I agree that HPACK is largely decouplable from HTTP/2, or HTTP.  The core of the protocol is a general-purpose compression algorithm for streaming key-value dictionaries, rather than straight text.  The pieces that bind it to H2 are incidental, and perhaps we could have structured it differently.
Coalescing isn't a new semantic -- each HTTP mapping defines how parallelism and connection reuse should work in that mapping.  HTTP/2 simply happens to define it more expansively than HTTP/1.1.
-----------------------------
http://www.bbc.co.uk

This e-mail (and any attachments) is confidential and may contain personal views which are not the views of the BBC unless specifically stated. If you have received it in error, please delete it from your system. Do not use, copy or disclose the information in any way nor act in reliance on it and notify the sender immediately. Please note that the BBC monitors e-mails sent or received. Further communication will signify your consent to this.
-----------------------------
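The mechanism Mike describes at the top of this thread has two halves a client has to keep apart: the name it puts in the TLS SNI extension (possibly a generic one suggested by the Alt-Svc parameter) and the name the presented certificate must still cover before the alternative may be used (the origin, per the Alt-Svc "reasonable assurances" rule). The following is an added illustration written for this archive page, not code from draft-bishop-httpbis-sni-altsvc-00, the Secondary Certificates draft, or any HTTP implementation. It assumes the Alt-Svc parameter is spelled `sni`, uses a constructed sample header, and models secondary certificates simply as a second list of names the server can present after the handshake; percent-encoded ALPN identifiers and bracketed IPv6 literals in the alt-authority are not handled.

```python
"""Plan a connection from an Alt-Svc header carrying a hypothetical
``sni`` parameter, and check which names the certificate must cover.

Added example, not code from the draft or any HTTP stack. The
parameter name ``sni`` is an assumption; the header below is constructed.
"""
from dataclasses import dataclass, field

# Constructed sample: first alternative asks for a generic SNI, second does not.
SAMPLE_ALT_SVC = 'h2=":443"; ma=3600; sni="fronting.example.net", h2="alt.example.com:8443"'


@dataclass
class AltService:
    protocol: str                 # ALPN protocol id, e.g. "h2"
    host: str                     # alternative host; "" means "same as origin"
    port: int
    params: dict = field(default_factory=dict)


@dataclass
class ConnectionPlan:
    connect_host: str             # where the TCP/QUIC connection goes
    connect_port: int
    tls_sni: str                  # name sent in the SNI extension
    cert_must_cover: str          # name a presented certificate must still match
    needs_secondary_cert: bool    # True when SNI name differs from the origin


def _split_unquoted(text, sep):
    """Split on ``sep`` only outside double quotes (Alt-Svc values are quoted)."""
    parts, buf, in_quotes = [], [], False
    for ch in text:
        if ch == '"':
            in_quotes = not in_quotes
        if ch == sep and not in_quotes:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))
    return [p.strip() for p in parts if p.strip()]


def parse_alt_svc(header):
    """Parse an RFC 7838 Alt-Svc field value into AltService records."""
    if header.strip() == "clear":
        return []
    services = []
    for alt_value in _split_unquoted(header, ","):
        pieces = _split_unquoted(alt_value, ";")
        protocol, _, authority = pieces[0].partition("=")
        host, _, port = authority.strip().strip('"').rpartition(":")
        params = {}
        for piece in pieces[1:]:
            key, _, value = piece.partition("=")
            params[key.strip().lower()] = value.strip().strip('"')
        services.append(AltService(protocol.strip(), host, int(port), params))
    return services


def plan_connection(origin_host, alt):
    """Decide SNI and certificate requirements for one alternative service."""
    connect_host = alt.host or origin_host
    sni = alt.params.get("sni", origin_host)     # hypothetical parameter
    # The certificate requirement never follows the SNI name: it stays on the origin.
    return ConnectionPlan(connect_host, alt.port, sni, origin_host,
                          sni.lower() != origin_host.lower())


def name_matches(pattern, host):
    """Exact match, or a single leftmost wildcard label (``*.example.com``)."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host


def has_reasonable_assurance(plan, primary_cert_names, secondary_cert_names=()):
    """The origin must be covered by the handshake certificate or, failing
    that, by a certificate supplied later (modelled as secondary_cert_names).
    A certificate that only covers the generic SNI name gives no assurance."""
    def covers(names):
        return any(name_matches(n, plan.cert_must_cover) for n in names)
    return covers(primary_cert_names) or covers(secondary_cert_names)


if __name__ == "__main__":
    for svc in parse_alt_svc(SAMPLE_ALT_SVC):
        print(plan_connection("www.example.com", svc))
```

With the sample header, the first alternative yields SNI `fronting.example.net` while still requiring a certificate for `www.example.com`; a handshake certificate naming only the fronting host is rejected until a secondary certificate covering the origin arrives. The second alternative carries no `sni` parameter, so the SNI and the certificate requirement both stay on the origin name.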