Re: Working Group Last Call: draft-ietf-httpbis-http2-tls13-00

David Benjamin <davidben@chromium.org> Thu, 12 September 2019 00:37 UTC

From: David Benjamin <davidben@chromium.org>
Date: Wed, 11 Sep 2019 20:34:33 -0400
Message-ID: <CAF8qwaBO5-go++AbS0gzaQNXuyT7wAdLjnB9Qx3Y-tDyw7K3Uw@mail.gmail.com>
To: Mike Bishop <mbishop@evequefou.be>
Cc: Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>, Tommy Pauly <tpauly@apple.com>, Patrick McManus <mcmanus@ducksong.com>
Subject: Re: Working Group Last Call: draft-ietf-httpbis-http2-tls13-00
Archived-At: <https://www.w3.org/mid/CAF8qwaBO5-go++AbS0gzaQNXuyT7wAdLjnB9Qx3Y-tDyw7K3Uw@mail.gmail.com>

On Mon, Sep 9, 2019 at 1:52 PM Mike Bishop <mbishop@evequefou.be> wrote:

> Giving this document a re-read, I take some issue with one wording choice
> that seems to be consistent throughout:
> ~~~
>    The former shares the same problems with multiplexed protocols, but
>    has a different name.  This makes it ambiguous whether post-handshake
>    authentication is allowed in TLS 1.3.
>
>    This document clarifies that the prohibition applies to post-
>    handshake authentication but not to key updates.
> ~~~
> It's not at all ambiguous whether the prohibitions in RFC7540 apply to TLS
> 1.3 -- they don't.  "Deployments of HTTP/2 that negotiate TLS 1.3 or
> higher need only support and use the SNI extension; deployments of TLS 1.2
> are subject to the requirements in the following sections."  The sections
> you're discussing are very explicitly excluded from covering TLS 1.3.
>

Aha! Somehow I'd missed that sentence. Thanks! I've applied MT's suggestion
and then reworded the document accordingly in
https://github.com/httpwg/http-extensions/pull/929.


> But the reasons for them still apply, so you're here defining those
> prohibitions against the new world of TLS 1.3.  This isn't a clarification
> of anything formerly ambiguous, but a new definition in the same spirit and
> for the same reason.
>
> The requirements themselves, I support.
>
> -----Original Message-----
> From: Mark Nottingham <mnot@mnot.net>
> Sent: Wednesday, September 4, 2019 11:16 PM
> To: HTTP Working Group <ietf-http-wg@w3.org>
> Cc: Tommy Pauly <tpauly@apple.com>; Patrick McManus <mcmanus@ducksong.com>
> Subject: Working Group Last Call: draft-ietf-httpbis-http2-tls13-00
>
> David indicates that he thinks we're ready for WGLC on this document:
>
>  https://tools.ietf.org/html/draft-ietf-httpbis-http2-tls13-00
>
> Please have a look through and bring up any issues here or on the issues
> list, and please indicate support (or lack thereof) for advancement on the
> mailing list. If you are implementing or intend to implement the
> specification, that would be useful information for us.
>
> WGLC will end on 19 September.
>
> Cheers,
>
> --
> Mark Nottingham   https://www.mnot.net/