Re: Alt-SvcB

Martin Thomson <> Wed, 26 October 2022 00:45 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id BF912C1522B6 for <>; Tue, 25 Oct 2022 17:45:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -5.06
X-Spam-Status: No, score=-5.06 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.249, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key) header.b=SaXN9h9p; dkim=pass (2048-bit key) header.b=O9RuThkN
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id BuHKoESG0h9R for <>; Tue, 25 Oct 2022 17:45:10 -0700 (PDT)
Received: from ( []) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by (Postfix) with ESMTPS id 86119C14CF1F for <>; Tue, 25 Oct 2022 17:45:10 -0700 (PDT)
Received: from lists by with local (Exim 4.94.2) (envelope-from <>) id 1onUUQ-005676-2P for; Wed, 26 Oct 2022 00:41:50 +0000
Resent-Date: Wed, 26 Oct 2022 00:41:50 +0000
Resent-Message-Id: <>
Received: from ([]) by with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <>) id 1onUUP-005669-6k for; Wed, 26 Oct 2022 00:41:49 +0000
Received: from ([]) by with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <>) id 1onUUN-001pPn-Eb for; Wed, 26 Oct 2022 00:41:48 +0000
Received: from compute3.internal (compute3.nyi.internal []) by mailout.west.internal (Postfix) with ESMTP id 00A4B32007CF for <>; Tue, 25 Oct 2022 20:41:35 -0400 (EDT)
Received: from imap41 ([]) by compute3.internal (MEProxy); Tue, 25 Oct 2022 20:41:36 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; h=cc:content-type:date:date:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:sender:subject :subject:to:to; s=fm1; t=1666744895; x=1666831295; bh=L3hr8m5Kim FYzs9641LjhdjqcHG7tOEIEMaFaSwDJtQ=; b=SaXN9h9poJ7P3rMZ5UZS8e23m2 GFtFf49aC+VdUZ4ikDY6JYQHSRKJfUSpw9dztu6AZ1O8cxX2WnTcpx29g9tR+Sl3 ZAbcJtkfv9PMUiPggfS0x7i7WbOLTvfbKNVUBHY8LaKgWdxXBAFFBHfsgnA0lxV2 Y8qOfytVuUk0HIRQ8ToTcwLIwDLc1IPjgvukeMfLpx5PYlBjW+9RUC3Em2rK5gsX iJtajllMjto00WtsYfArnq/ob0te2RipvqzAfxbLrN1T9zijYr6jj08O3ZIPieks 3h34PNxvRKxTgf4Z/P/icpRmhj/XdPhA2/ZOUSshRB1kAUxHjRLvpYgsBKZw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=; h=cc:content-type:date:date:feedback-id :feedback-id:from:from:in-reply-to:in-reply-to:message-id :mime-version:references:reply-to:sender:subject:subject:to:to :x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm3; t=1666744895; x=1666831295; bh=L3hr8m5KimFYzs9641LjhdjqcHG7 tOEIEMaFaSwDJtQ=; b=O9RuThkN32LKAfxxrsXUJkyLQhW8okd4RsznmJZZ0FMY Ek1YN0eRT2Tg2yvHTzef84aRXSbfwV+Z9c2GJc0gqQCNdsAKvfqPwxA5znqEZoVc bvEM84j0H1GZCeA4fDWGm7ZumEj6cDWG8ZkB7lFL23rYkevBre9OaLBk4FnNxwWS 3Iu/jFkEiBjgDXdmgLhrjsz8ey5cUXOHuX+hJw60Wq2HDtzcaDgQ3QfUKJ25IhZc zUX9vcpHbD6x61hKk19ksxZfF1Pz0scZASBkWkHGERFeuQaHEWsEwzygS5z9OpfT sZjMGek8n7duDYLh8Cu5upWA3aG48tk854xC9SOWbA==
X-ME-Sender: <xms:P4JYYxYRre1HopSx4FMV5ydo11cBJ9AwYFZbZiwEus8vaWO8DcvXGg> <xme:P4JYY4YmSMxyrerqSnSMDifc2gFu2ixNHWVVHEbD6ZdcqcHymLCP2QYSjpM6KTzY1 ovxEq6UFfqOcNG0tR0>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvgedrtddugdefkecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhepofgfggfkjghffffhvffutgesthdtre dtreertdenucfhrhhomhepfdforghrthhinhcuvfhhohhmshhonhdfuceomhhtsehlohif vghnthhrohhphidrnhgvtheqnecuggftrfgrthhtvghrnheptdehuedvfffhgeeuvdegie effefghffgfeeijeejffevkeefudeftdehgfetlefgnecuffhomhgrihhnpehthhgrthhs mhhorhgvthhhrghnjhhushhtrghnohhsphhrohgslhgvmhdrihhtpdhhthhtphefrdgrsh enucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehmthes lhhofigvnhhtrhhophihrdhnvght
X-ME-Proxy: <xmx:P4JYYz8jPXyCT4rUFobWJ7DpAZsmR3fOg5tq4w_xJS-frYMLAdgz0g> <xmx:P4JYY_oHqjgzydge4b1HvVJG-pOJ-B0EG5Pqt1lxuPd7fPe_WzZNfQ> <xmx:P4JYY8rFS0aJAYEr8gVtx5G_sTzlMrNF6ilRh-ATGP4_ls-BwfpNAw> <xmx:P4JYY51Ias_A85gaAclrG0VguwD_VUpL0sTu5m0ybxzH8KrkI-jYdA>
Feedback-ID: ic129442d:Fastmail
Received: by mailuser.nyi.internal (Postfix, from userid 501) id 3AD1F234007E; Tue, 25 Oct 2022 20:41:35 -0400 (EDT)
X-Mailer: Webmail Interface
User-Agent: Cyrus-JMAP/3.7.0-alpha0-1047-g9e4af4ada4-fm-20221005.001-g9e4af4ad
Mime-Version: 1.0
Message-Id: <>
In-Reply-To: <>
References: <> <> <> <> <> <> <> <>
Date: Wed, 26 Oct 2022 11:41:14 +1100
From: Martin Thomson <>
Content-Type: text/plain
Received-SPF: pass client-ip=;;
X-W3C-Hub-DKIM-Status: validation passed: (, signature is good
X-W3C-Hub-DKIM-Status: validation passed: (, signature is good
X-W3C-Hub-Spam-Status: No, score=-9.8
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, W3C_AA=-1, W3C_DB=-1, W3C_IRA=-1, W3C_IRR=-3, W3C_WL=-1
X-W3C-Scan-Sig: 1onUUN-001pPn-Eb 49487247493bb6804e6ef4663a271baf
Subject: Re: Alt-SvcB
Archived-At: <>
X-Mailing-List: <> archive/latest/40491
Precedence: list
List-Id: <>
List-Help: <>
List-Post: <>
List-Unsubscribe: <>

On Wed, Oct 26, 2022, at 10:21, David Schinazi wrote:
> h3 hints are a great example of something that needs to be added to 
> Alt-Svc. 

So I think that we're fixated a little much on a specific interpretation of "obsoletes" here.

TLS 1.3 obsoleted TLS 1.2.  That has not stopped the TLS community from publishing a number of RFCs that specifically extend TLS 1.2.

In TLS 1.2, just like Alt-Svc, we have clear problems, but an ongoing deployment need.  For TLS, it is primarily deployment costs (1.3 is a relatively big lift), with a sprinkling of other attachments. For Alt-Svc, it is the signal of HTTP/3 support where HTTPS doesn't work.  That's more than just an OS problem.  It's also tied up with deployment of networking gear in some cases, so we'll probably be stuck with it as long as the desire to use HTTP/3 in those affected cases is significant.

We're not proposing that we *deprecate* Alt-Svc.  This isn't RFC 8996 for TLS 1.1/1.0 where the use of the protocol is actively discouraged.  RFC 8996 came some time after TLS 1.2/RFC 5246.  Though perhaps folks like Lucas might want that deprecation to happen sooner rather than later, we recognize that Alt-Svc is needed.  That is, until the problems Alt-Svc causes starts to look bad relative to the diminishing number of clients that need it to get HTTP/3.

As others have noted, we'll probably need the HTTP/3 signal for some time.  But we might be able to narrow that over time.

We're not taking Alt-Svc away.  We're merely saying that it is not our preferred solution any more.