Question regarding HTTP/2, SNI, and IP addresses

John Mattsson <john.mattsson@ericsson.com> Fri, 18 June 2021 12:43 UTC

From: John Mattsson <john.mattsson@ericsson.com>
To: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Date: Fri, 18 Jun 2021 12:30:17 +0000
Archived-At: <https://www.w3.org/mid/HE1PR0701MB30500174B18EDB6C2704D15B890D9@HE1PR0701MB3050.eurprd07.prod.outlook.com>

Hi,

It would be very kind if someone could confirm or refute the following for me:


RFC 7540:

“The TLS implementation MUST support the Server Name Indication (SNI) [TLS-EXT<https://datatracker.ietf.org/doc/html/rfc7540#ref-TLS-EXT>] extension to TLS.  HTTP/2 clients MUST indicate the target domain name when negotiating TLS.

Deployments of HTTP/2 that negotiate TLS 1.3 or higher need only support and use the SNI extension; deployments of TLS 1.2 are subject to the requirements in the following sections.”


Am I correct in my understanding that:

  *   HTTP/2 (RFC 7540) requires support of sending the target domain name in SNI for both TLS 1.2 and TLS 1.3.
  *   IP addresses cannot be sent in SNI.
  *   IP addresses are not domain names.
  *   Therefore, HTTP/2 with HTTPS requires domain names and cannot be used with IP addresses only.

Cheers,
John
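
Added example, not part of the original message: a sketch of how a TLS client could build the `server_name` extension body defined in RFC 6066, section 3, which permits only DNS host names in `HostName` and excludes literal IPv4 and IPv6 addresses. The function names `sni_host_name` and `server_name_extension` are hypothetical, and the sample targets are constructed.

```python
import ipaddress
import struct


def sni_host_name(target):
    """Return the HostName bytes a client may place in SNI, or None.

    None means the target is an IP literal, for which RFC 6066 defines
    no HostName value, so no server_name extension can be built.
    """
    host = target.strip("[]")  # tolerate URL-style [IPv6] brackets
    try:
        ipaddress.ip_address(host)
        return None  # literal IPv4/IPv6 address: not permitted in HostName
    except ValueError:
        pass  # not an IP literal, treat as a DNS name
    name = host.rstrip(".").lower()  # HostName is sent without a trailing dot
    if not name:
        raise ValueError("empty host name")
    # A-label (ASCII) form; raises UnicodeError on empty or over-long labels.
    return name.encode("idna")


def server_name_extension(target):
    """Encode the server_name extension (type 0) for target, or None."""
    host = sni_host_name(target)
    if host is None:
        return None
    # ServerName: name_type host_name(0), 2-byte length, HostName bytes
    entry = struct.pack("!BH", 0, len(host)) + host
    # ServerNameList: 2-byte length prefix followed by the entries
    name_list = struct.pack("!H", len(entry)) + entry
    # Extension: 2-byte extension_type, 2-byte extension_data length
    return struct.pack("!HH", 0, len(name_list)) + name_list


if __name__ == "__main__":
    # Constructed sample targets: a DNS name, an IPv4 and an IPv6 literal.
    for target in ("example.com", "192.0.2.10", "[2001:db8::1]"):
        ext = server_name_extension(target)
        print(target, "->", ext.hex() if ext is not None else "no SNI value")
```
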