IETF Logo Mail Archive

Re: [hybi] workability (or otherwise) of HTTP upgrade

Brian McKelvey <theturtle32@gmail.com> Wed, 08 December 2010 23:27 UTC

Return-Path: <theturtle32@gmail.com>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 033023A68BA for <hybi@core3.amsl.com>; Wed, 8 Dec 2010 15:27:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.203
X-Spam-Level:
X-Spam-Status: No, score=-2.203 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, MIME_QP_LONG_LINE=1.396, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5rAc1xVYiWxE for <hybi@core3.amsl.com>; Wed, 8 Dec 2010 15:27:39 -0800 (PST)
Received: from mail-gy0-f172.google.com (mail-gy0-f172.google.com [209.85.160.172]) by core3.amsl.com (Postfix) with ESMTP id 9CA383A6868 for <hybi@ietf.org>; Wed, 8 Dec 2010 15:27:38 -0800 (PST)
Received: by gyd12 with SMTP id 12so1109842gyd.31 for <hybi@ietf.org>; Wed, 08 Dec 2010 15:29:06 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:references:in-reply-to :mime-version:content-transfer-encoding:content-type:message-id:cc :x-mailer:from:subject:date:to; bh=xVeQ62Tx+tMRMKzUBUHmiTAv5U9FTZXVhx3cz2dvYEU=; b=JJY6Sut0ccnSE3+CrndG3KichVqQZRiK8iaT1gENuirKWpK5CwYUVmx7wdjS6L/xdV KAkovn/gqCJkJOPDiH1C+FSv9k9QSVUr75mBGar69NGqzf+RZq8ZKylRfJMIgMRuSNbZ AfgzeAxXS1oZHjNSsKFZQEc5sInPsyYKk9+W0=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=references:in-reply-to:mime-version:content-transfer-encoding :content-type:message-id:cc:x-mailer:from:subject:date:to; b=lGAIde6fBPrAzRSYIsvU3KRL01KcF3h8l/kjxE2u08KN8GILVaJmV9ANbINaiPlQ8e g/yjZaudlQvrBRIu82EgiKtIstjMjcURIccyDBku2BHapYl3Z5DlH5WLJatIX/oRWZED Bp7+LetQL9orNF/+pp9DaZmykZtqhDgBC9/is=
Received: by 10.150.204.5 with SMTP id b5mr5004851ybg.214.1291850944863; Wed, 08 Dec 2010 15:29:04 -0800 (PST)
Received: from [10.76.25.72] ([166.205.137.242]) by mx.google.com with ESMTPS id r31sm707280yhc.24.2010.12.08.15.28.58 (version=TLSv1/SSLv3 cipher=RC4-MD5); Wed, 08 Dec 2010 15:29:03 -0800 (PST)
References: <AANLkTin6=8_Bhn2YseoSHGh1OSkQzsYrTW=fMiPvYps1@mail.gmail.com> <20101126000352.ad396b9a.eric@bisonsystems.net> <AANLkTimzQyG4hugOvHqoNrBrZFA4fGbGXQ7MZ2i+68dO@mail.gmail.com> <BB947F6D-15AA-455D-B830-5E12C80C1ACD@mnot.net> <81870DB1-B177-4253-8233-52C4168BE99D@apple.com> <F4D1B715-3606-4E9A-BFB2-8B7BC11BE331@mnot.net> <57D4B885-B1D8-482F-8747-6460C0FFF166@apple.com> <37A00E8D-B55C-49AD-A85C-A299C80FFF17@mnot.net> <4F2580A7-79C2-4B0A-BCE5-7FB6D9AA0ED7@apple.com> <BB31C4AB95A70042A256109D461991260583956C@XCH117CNC.rim.net>
In-Reply-To: <BB31C4AB95A70042A256109D461991260583956C@XCH117CNC.rim.net>
Mime-Version: 1.0 (iPhone Mail 8C134)
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="us-ascii"
Message-Id: <EA41A6C7-971C-4EC8-AA6F-96363B7FDC4C@gmail.com>
X-Mailer: iPhone Mail (8C134)
From: Brian McKelvey <theturtle32@gmail.com>
Date: Wed, 08 Dec 2010 15:28:50 -0800
To: Joe Mason <jmason@rim.com>
Cc: hybi HTTP <hybi@ietf.org>, HTTP Working Group <ietf-http-wg@w3.org>
Subject: Re: [hybi] workability (or otherwise) of HTTP upgrade
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Dec 2010 23:27:40 -0000

Requiring encryption has been proposed and subsequently rejected by the group many, many times now, mostly in the previous discussion on framing.  There were a number of people with use cases that demanded an extremely high throughput, low overhead solution for various reasons.  Can we please stop considering that option to still be even remotely on the table?  Maybe circle back to it as a last resort if we get desperate, but that's not yet.  Until then it waters down the discussion.

Encryption should be available but not required.  I myself use draft-76 wss:// exclusively on port 443 of my servers (behind STunnel and HAProxy) because of the higher connection success rate.  But I can understand the use cases where it isnt required, and could be problematic.

Brian

Sent from my iPhone

On Dec 7, 2010, at 7:27 AM, Joe Mason <jmason@rim.com> wrote:

>> -----Original Message-----
>> From: hybi-bounces@ietf.org [mailto:hybi-bounces@ietf.org] On Behalf Of
>> Maciej Stachowiak
>> Sent: Tuesday, December 07, 2010 2:05 AM
>> To: Mark Nottingham
>> Cc: hybi HTTP; HTTP Working Group
>> Subject: Re: [hybi] workability (or otherwise) of HTTP upgrade
>> 
>> If the goal was not to interoperate with HTTP at all, it would be much
>> better to use an approach where everything is encrypted. One plausible
>> way to do that would be to restrict the protocol to TLS-only, at which
>> point the nextprotoneg proposal can take care of dispatch without
>> having to involve the HTTP layer. I think this is a plausible option,
>> but many hybi WG members have expressed concern about the performance
>> issues and other barriers to deployment of an all-TLS solution.
>> 
>> Another approach is to invent our own crypto and start with a key
>> exchange. Inventing crypto makes me nervous compared to using something
>> known (such TLS), and might well impose many of the same costs that
>> folks are worried about with TLS.
> 
> If we are going to encrypt everything, we should just use TLS.  Crypto is an especially bad place to be reinventing the wheel.  As far as I know all the performance concerns apply to any encryption, even simple XOR masking, so there's no point in discussing tradeoffs of various implementations - the tradeoff is whether we want encryption at all.  Once we're over that hump, I don't think any custom encryption scheme is going to have benefits that outweigh TLS's huge benefit of "well understood and in wide use".
> 
> Joe
> 
> ---------------------------------------------------------------------
> This transmission (including any attachments) may contain confidential information, privileged material (including material protected by the solicitor-client or other applicable privileges), or constitute non-public information. Any use of this information by anyone other than the intended recipient is prohibited. If you have received this transmission in error, please immediately reply to the sender and delete this information from your system. Use, dissemination, distribution, or reproduction of this transmission by unintended recipients is not authorized and may be unlawful.
> _______________________________________________
> hybi mailing list
> hybi@ietf.org
> https://www.ietf.org/mailman/listinfo/hybi

v2.23.0 | Report a Bug | By Email