Re: Last Call: <draft-ietf-httpbis-http2-16.txt> (Hypertext Transfer Protocol version 2) to Proposed Standard

Dave Cridland <> Wed, 07 January 2015 13:07 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id A8CA61A8A4E for <>; Wed, 7 Jan 2015 05:07:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.378
X-Spam-Status: No, score=-1.378 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id OyKBxjFOP3yf for <>; Wed, 7 Jan 2015 05:07:55 -0800 (PST)
Received: from ( [IPv6:2607:f8b0:4003:c01::233]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id C94581A8A15 for <>; Wed, 7 Jan 2015 05:07:55 -0800 (PST)
Received: by with SMTP id va2so2923280obc.10 for <>; Wed, 07 Jan 2015 05:07:55 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=google; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=rzn6nGu9czseEucEgmPqi5Cl5YjCk0FFlPdzG+1P94s=; b=E0hjmRk8YM+jQkeYCp5OYCti9O7wb/MxD2M6drT54UhYw7cPFgv7SIIsk0IU5Yrh+o FWZbo4woVD9b0g/BU27loFCER7m4jCxA3T1ZEqeWPufp04MmoE//HZJpCQhNUb+zRPeB GXOslQIQ9q7NWme8hrM/gNEeGJCfemK27VTd8=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=rzn6nGu9czseEucEgmPqi5Cl5YjCk0FFlPdzG+1P94s=; b=FkoSF03/qGUZH7CqyrW95elM3LEja9g7bQr+u/YCFXtBUqqUtNXH/6c6bLQkjqzcGl M5yVwA1j6ACLt3dBtL4zL/DrM03y2TDEb+a13hvCpWazr687b7t99d59J+sR8//jw8VX ebB1ApsajS4ZmRPP2P00sXibtUCTuTiwQnoI9AnIBHqy0hVuRTMvoDVLF1whTAIZe4Pb P7+4nbloLNIjiHPKN9ZD9dVj5wAF3ret8jPxWaVO7iImn0nxhQKAWGTyZMvYBVC/GvgH 0Vcg+j+bLRSMLdKZ9Igy194Ckx4IZOEyVFteASMcb6fXNS1ZU1esRgtGqqTfJp1l/CvP tRlA==
X-Gm-Message-State: ALoCoQnaaR0RwrOEM5uYnojtEizzezdCpue4YQ1sKx5GYTKYtMoZpg6aGEhbcz3WrYnaL2KbSnNk
MIME-Version: 1.0
X-Received: by with SMTP id l201mr1714735oig.117.1420636074956; Wed, 07 Jan 2015 05:07:54 -0800 (PST)
Received: by with HTTP; Wed, 7 Jan 2015 05:07:54 -0800 (PST)
In-Reply-To: <>
References: <> <> <> <> <>
Date: Wed, 7 Jan 2015 13:07:54 +0000
Message-ID: <>
Subject: Re: Last Call: <draft-ietf-httpbis-http2-16.txt> (Hypertext Transfer Protocol version 2) to Proposed Standard
From: Dave Cridland <>
To: Eliot Lear <>
Content-Type: multipart/alternative; boundary=001a113d2da09a72b3050c0f9cef
Cc: Delan Azabani <>, =?UTF-8?Q?M=C3=A5ns_Nilsson?= <>, " Discussion" <>, =?UTF-8?B?UGF0cmlrIEbDpGx0c3Ryw7Zt?= <>
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 07 Jan 2015 13:07:58 -0000

On 3 January 2015 at 16:53, Eliot Lear <> wrote:

> Finally, to address Måns' comments, additional data for the target
> doesn't get signed (but correct me if I missed a change).  (Actually,

I'm confused by this comment. You're saying (or you appear to be saying)
that use of SRV would place greater emphasis on DNSSEC, but additional
records don't get signed, and therefore the address record wouldn't be
signed in this case.

I'm not clear on where the requirement for DNSSEC comes into this, but
given that without SRV (and without DNSSEC that is no longer required),
there would be no signature on the address record anyway, I'm not sure it

I would in any case strongly support addition of SRV into HTTP/2 URI
resolution, and furthermore, I would strongly support additional work on
DNS (and DNSSEC) to address any performance or security issues at that

As a final comment, I would note that if "IANA policy" is causing us
problems, we should just change it - these are technically speaking not
IANA's policies but ours.