IETF Logo Mail Archive

Re: [Masque] Dropping HTTP/1.x requirement for CONNECT-UDP

Tommy Pauly <tpauly@apple.com> Fri, 26 March 2021 15:08 UTC

Return-Path: <tpauly@apple.com>
X-Original-To: masque@ietfa.amsl.com
Delivered-To: masque@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B32343A20C3 for <masque@ietfa.amsl.com>; Fri, 26 Mar 2021 08:08:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.248
X-Spam-Level:
X-Spam-Status: No, score=-2.248 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.251, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=apple.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EhdGQJfpZ59H for <masque@ietfa.amsl.com>; Fri, 26 Mar 2021 08:08:17 -0700 (PDT)
Received: from ma1-aaemail-dr-lapp02.apple.com (ma1-aaemail-dr-lapp02.apple.com [17.171.2.68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D49CD3A20C1 for <masque@ietf.org>; Fri, 26 Mar 2021 08:08:16 -0700 (PDT)
Received: from pps.filterd (ma1-aaemail-dr-lapp02.apple.com [127.0.0.1]) by ma1-aaemail-dr-lapp02.apple.com (8.16.0.42/8.16.0.42) with SMTP id 12QEw2Xm006616; Fri, 26 Mar 2021 08:08:08 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=apple.com; h=from : message-id : content-type : mime-version : subject : date : in-reply-to : cc : to : references; s=20180706; bh=dEh9vTkLcqcwZCjOhWybEaF5DaF48HdEbKfoWnRMmdI=; b=mB2GudPJUr3dnSTSbyhGiElIA3mKGQ9EnN5kx2f3+5ua2zrLNdqlpG0OZSy2mkVWQmTh XIn7llAqlxKqMG+6u5eEKre8pRLKaQSGggBvK4BhXIOXmMqYloyfRJZ6Grb9yVLoe2HO eMzOhbH3rn4UzABtYzLniGpFY9G60oooEqqev03j2NHu46/9qqG5UhgMSpHnPkHh+rrm oaCPgOzalOA/pvvYu2XClZCODwV78QTPWFTWWOs0G5kYwyjfElyJgHqra6zsuMp3an+h 1QJpubBwijqqMnPQ4keByTx+4GOOF0798+BZc7lsX6I6G6oQCmDiMO3Rl5aCo8QNIw3S Ug==
Received: from rn-mailsvcp-mta-lapp04.rno.apple.com (rn-mailsvcp-mta-lapp04.rno.apple.com [10.225.203.152]) by ma1-aaemail-dr-lapp02.apple.com with ESMTP id 37h15djqq5-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Fri, 26 Mar 2021 08:08:08 -0700
Received: from rn-mailsvcp-mmp-lapp04.rno.apple.com (rn-mailsvcp-mmp-lapp04.rno.apple.com [17.179.253.17]) by rn-mailsvcp-mta-lapp04.rno.apple.com (Oracle Communications Messaging Server 8.1.0.7.20201203 64bit (built Dec 3 2020)) with ESMTPS id <0QQL006NY0PJ2V00@rn-mailsvcp-mta-lapp04.rno.apple.com>; Fri, 26 Mar 2021 08:08:07 -0700 (PDT)
Received: from process_milters-daemon.rn-mailsvcp-mmp-lapp04.rno.apple.com by rn-mailsvcp-mmp-lapp04.rno.apple.com (Oracle Communications Messaging Server 8.1.0.7.20201203 64bit (built Dec 3 2020)) id <0QQL00Y000DQ5G00@rn-mailsvcp-mmp-lapp04.rno.apple.com>; Fri, 26 Mar 2021 08:08:07 -0700 (PDT)
X-Va-A:
X-Va-T-CD: a307069c117d92ca5914e55b5f3dbe78
X-Va-E-CD: 5941c1938a303a2cc2aa951013da524e
X-Va-R-CD: 6c33b829cc86532365ac3ddc3871a900
X-Va-CD: 0
X-Va-ID: 35b7f941-e80f-410a-a006-a72450781b91
X-V-A:
X-V-T-CD: a307069c117d92ca5914e55b5f3dbe78
X-V-E-CD: 5941c1938a303a2cc2aa951013da524e
X-V-R-CD: 6c33b829cc86532365ac3ddc3871a900
X-V-CD: 0
X-V-ID: 3dd508ff-b01c-44f0-93b8-e5d87216d938
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.369, 18.0.761 definitions=2021-03-26_06:2021-03-26, 2021-03-26 signatures=0
Received: from smtpclient.apple (unknown [17.234.118.53]) by rn-mailsvcp-mmp-lapp04.rno.apple.com (Oracle Communications Messaging Server 8.1.0.7.20201203 64bit (built Dec 3 2020)) with ESMTPSA id <0QQL00TEH0PEKV00@rn-mailsvcp-mmp-lapp04.rno.apple.com>; Fri, 26 Mar 2021 08:08:03 -0700 (PDT)
From: Tommy Pauly <tpauly@apple.com>
Message-id: <CE7DF9DE-4C2F-4EA9-82EE-DFE7ED209E2D@apple.com>
Content-type: multipart/alternative; boundary="Apple-Mail=_419E401F-6683-451C-971B-85CBDDC21787"
MIME-version: 1.0 (Mac OS X Mail 15.0 \(3668.0.5\))
Date: Fri, 26 Mar 2021 08:08:02 -0700
In-reply-to: <CAKKJt-fAK8XeaCaKvpXFbrVks+PN3NWtoUyyL3VGqmwKxAq2fQ@mail.gmail.com>
Cc: Ian Swett <ianswett@google.com>, MASQUE <masque@ietf.org>, Roy Fielding <fielding@gbiv.com>, Mark Nottingham <mnot@mnot.net>, Mirja Kuehlewind <mirja.kuehlewind@ericsson.com>, David Schinazi <dschinazi.ietf@gmail.com>, Alex Chernyakhovsky <achernya@google.com>
To: Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>
References: <CAPDSy+5QOV-QfJVi1c1yN5KCawkibHfzZvWUaX3z9nby1tRKCg@mail.gmail.com> <CAHbWFkTjqo8kPfJZ1iYJf9Haz3bERSoo_hFuTEW7Ht-qVR=DqQ@mail.gmail.com> <2DFDA98E-E6A4-4D7A-9B22-043048ADF30E@apple.com> <4950F4ED-AF9C-493D-A72A-D2CFEE90C0FA@mnot.net> <9E9DFAEA-7B83-4208-AA99-770B70B6D569@apple.com> <CAPDSy+7ZWUeQt=Y6EvgSC=MeMAQ3QoHikta4g6ocyGViqTs0fg@mail.gmail.com> <CAKcm_gN561ruvtUL5JX9N0M58MN1dEQegWH0NuD6cGN-Badh9g@mail.gmail.com> <CAHbWFkR+5Y5jtXu2NnZ-fVxoFdSpBxP7ewutVPT0rfX1oHM6JQ@mail.gmail.com> <6476D243-6173-457F-9953-0382F7B7037B@ericsson.com> <CAKKJt-favDBmSWfBrHo3Pa1EXZ1MPsB6nxSe25x-O9i=VW+_Vw@mail.gmail.com> <CAHbWFkSsUovK-rrCGDguPgxbdLZVz4P7R5REsedxh6d38i7VqA@mail.gmail.com> <CAKcm_gNHg7wXH2ypf0=yW0+cuiJLOeSCdED08ayyYVO5CE=fbw@mail.gmail.com> <CAKKJt-fAK8XeaCaKvpXFbrVks+PN3NWtoUyyL3VGqmwKxAq2fQ@mail.gmail.com>
X-Mailer: Apple Mail (2.3668.0.5)
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.369, 18.0.761 definitions=2021-03-26_06:2021-03-26, 2021-03-26 signatures=0
Archived-At: <https://mailarchive.ietf.org/arch/msg/masque/6LQdaWGQi5WEBO-rzZc0XaBO3rA>
Subject: Re: [Masque] Dropping HTTP/1.x requirement for CONNECT-UDP
X-BeenThere: masque@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Multiplexed Application Substrate over QUIC Encryption <masque.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/masque>, <mailto:masque-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/masque/>
List-Post: <mailto:masque@ietf.org>
List-Help: <mailto:masque-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/masque>, <mailto:masque-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 26 Mar 2021 15:08:22 -0000


> On Mar 25, 2021, at 12:56 PM, Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com> wrote:
> 
> Dear All, 
> 
> On Thu, Mar 25, 2021 at 1:55 PM Ian Swett <ianswett@google.com <mailto:ianswett@google.com>> wrote:
> I agree that I think we need all 3 versions and didn't intend my message to indicate that an h2 version shouldn't be created, but rather that I expect an h1 may be used quite widely.
> 
> Thanks for helping me understand. I was curious because I thought I saw some people suggesting that it would be helpful to do the h2 and h3 mappings first, and h1 mapping later, and other people saying that h1 mapping mattered a lot. 
> 
> If we have to do all three, do we need to do all three at the same time?

That was the original question, but my sense of this thread (which I agree with) is that all versions ought to be specified at the same time. HTTP versions are often used back-to-back as communication traverses intermediaries, and any solution that leaves out some versions, even only temporarily, is not fully-fledged.

Best,
Tommy

> 
> Best,
> 
> Spencer
>  
> In terms of MITMs, David Schinazi pointed out that MITMs which block QUIC may also block CONNECT-UDP, and time will tell on that.
> 
> 
> 
> On Thu, Mar 25, 2021 at 2:14 PM Alex Chernyakhovsky <achernya@google.com <mailto:achernya@google.com>> wrote:
> Hi Spencer,
> 
> Can you please double-check if if all the instances of h1, h2, h3 you wrote are correct? I'm having trouble parsing your message.
> 
> I also want to add that I don't think restricting ourselves to h1 if h3 fails makes much sense. h2 has benefits, and IMO we should use them over h1 if h3 is unavailable.
> 
> Sincerely,
> -Alex
> 
> 
> On Thu, Mar 25, 2021 at 10:06 AM Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com <mailto:spencerdawkins.ietf@gmail.com>> wrote:
> I'm actually following up on something Ian said earlier ... 
> 
> On Thu, Mar 25, 2021 at 8:42 AM Mirja Kuehlewind <mirja.kuehlewind=40ericsson.com@dmarc.ietf.org <mailto:40ericsson.com@dmarc.ietf.org>> wrote:
> I agree. I thought that the mapping is actually relatively straight forward though. With H2 you can have one CONNECT per stream (and no datagram support). For H1 you can only have one CONNECT per connection and you would open multiple TCP/HTTP connections for each forwarding request separately.
> 
>  
> 
>  
> 
>  
> 
> From: Masque <masque-bounces@ietf.org <mailto:masque-bounces@ietf.org>> on behalf of Alex Chernyakhovsky <achernya=40google.com@dmarc.ietf.org <mailto:40google.com@dmarc.ietf.org>>
> Date: Wednesday, 24. March 2021 at 02:11
> To: Ian Swett <ianswett@google.com <mailto:ianswett@google.com>>
> Cc: David Schinazi <dschinazi.ietf@gmail.com <mailto:dschinazi.ietf@gmail.com>>, Mark Nottingham <mnot@mnot.net <mailto:mnot@mnot.net>>, Roy Fielding <fielding@gbiv.com <mailto:fielding@gbiv.com>>, Tommy Pauly <tpauly@apple.com <mailto:tpauly@apple.com>>, MASQUE <masque@ietf.org <mailto:masque@ietf.org>>
> Subject: Re: [Masque] Dropping HTTP/1.x requirement for CONNECT-UDP
> 
>  
> 
> I don't think aligning h1 and h2 makes sense. h2 is closer to h3 than it is to h1.
> 
>  
> 
> Sincerely,
> 
> -Alex
> 
>  
> 
> On Tue, Mar 23, 2021 at 7:25 PM Ian Swett <ianswett@google.com <mailto:ianswett@google.com>> wrote:
> 
> IMO it makes sense to align the h1 and h2 designs, since they're both fallbacks we'd rather not use.  If h1+h2 lands after h3 in a different doc, I don't see a problem with that, but I'm also fine with them being in a single document.
> 
>  
> 
> In a surprising number of cases where h3 is blocked, h2 is blocked as well(ie: Corp MITMs) and users will end up on h1.  Additionally, h1 is still widely used behind load balancers/proxies.  As such, by the time this becomes RFC, I wouldn't be surprised if there's more usage of it over h1 than h2.
> 
> I know there's a conceptual reason for having mappings for h3, h2, and h1, but if Ian's experience here is typical, how bad would it be if the recommendation was to fall back from h3 to h1? 
> 
> If h2 doesn't work on a path now, do we want to encourage those operators to allow h2 and continue to block h3, rather than encouraging people to allow h3?
> 
> Best,
> 
> Spencer 
>  
> 
> I don't think the CONNECT-UDP design for h2 and h3 needs to share framing, given h3 has datagrams and doesn't need frames transmitted on streams to transmit UDP?
> 
>  
> 
> On Tue, Mar 23, 2021 at 6:42 PM David Schinazi <dschinazi.ietf@gmail.com <mailto:dschinazi.ietf@gmail.com>> wrote:
> 
> Or we could have one document now that describes CONNECT-UDP over h2 and h3, and a separate document that defines CONNECT-UDP over h1 later?
> 
> I'm not saying CONNECT-UDP should never support HTTP/1.1, I'm just saying that maybe we don't need to design that yet.
> 
>  
> 
> Thoughts?
> 
> David
> 
>  
> 
> On Mon, Mar 22, 2021 at 7:57 PM Tommy Pauly <tpauly@apple.com <mailto:tpauly@apple.com>> wrote:
> 
> Yes, that’s what I recall as well.
> 
> David, can we still go down the path of using frames in HTTP/3 and HTTP/2, while letting CONNECT-UDP have a more degenerate case for HTTP/1.1?
> 
> Tommy
> 
> > On Mar 22, 2021, at 7:53 PM, Mark Nottingham <mnot@mnot.net <mailto:mnot@mnot.net>> wrote:
> > 
> > My recollection is that this was discussed at length during chartering, and the resolution was that we'd make it version-independent, like other methods. If you want to re-visit that, I think we'd need to ask the whole HTTP WG, not just a couple of people.
> > 
> > Cheers,
> > 
> > 
> >> On 23 Mar 2021, at 9:39 am, Tommy Pauly <tpauly@apple.com <mailto:tpauly@apple.com>> wrote:
> >> 
> >> While I understand the desire for this, I’m concerned about making a method that only works with some versions.
> >> 
> >> From https://httpwg.org/http-core/draft-ietf-httpbis-semantics-latest.html#methods <https://protect2.fireeye.com/v1/url?k=57aa9374-0831aa71-57aad3ef-86d2114eab2f-8a67a28437e1dc6d&q=1&e=cd2d81ff-d165-41ed-836c-128d76921781&u=https%3A%2F%2Fhttpwg.org%2Fhttp-core%2Fdraft-ietf-httpbis-semantics-latest.html%23methods> :
> >> 
> >> HTTP defines a number of generic extension points that can be used to introduce capabilities to the protocol without introducing a new version, including methods, status codes, field names, and further extensibility points within defined fields, such as authentication schemes and cache-directives (see Cache-Control extensions in Section 5.2.3 of [Caching]). Because the semantics of HTTP are not versioned, these extension points are persistent; the version of the protocol in use does not affect their semantics.
> >> 
> >> Version-independent extensions are discouraged from depending on or interacting with the specific version of the protocol in use. When this is unavoidable, careful consideration needs to be given to how the extension can interoperate across versions.
> >> 
> >> I’d like to hear the opinions of Mark and Roy on this.
> >> 
> >> Tommy
> >> 
> >>> On Mar 22, 2021, at 3:21 PM, Alex Chernyakhovsky <achernya=40google.com@dmarc.ietf.org <mailto:40google.com@dmarc.ietf.org>> wrote:
> >>> 
> >>> I think this makes a lot of sense. As it stands today, anyone wishing to add UDP support would have to make changes to their client/server anyway -- I feel like the complexity we'd take on by continuing to support HTTP/1.1 and older isn't beneficial since we wouldn't be able to interoperate with existing implementations with the new features. Requiring HTTP/2 or newer lets us rely on a lot of nice things that have been added (like multiplexing) and not have to re-invent them in HTTP/1.1 just for UDP.
> >>> 
> >>> Sincerely,
> >>> -Alex
> >>> 
> >>> On Thu, Mar 18, 2021 at 6:12 PM David Schinazi <dschinazi.ietf@gmail.com <mailto:dschinazi.ietf@gmail.com>> wrote:
> >>> Hi MASQUE enthusiasts,
> >>> 
> >>> The CONNECT-UDP draft currently states "The CONNECT-UDP method is defined for all versions of HTTP." While supporting HTTP/3 is our top priority, and supporting HTTP/2 is necessary because of networks that block UDP, I'm not sure supporting versions of HTTP before 2 is useful. Additionally, it constrains our design space as HTTP/1.1 does not have the HTTP framing layer that HTTP/2 and HTTP/3 have. I would like to drop support for HTTP/1.1, 1.0 and 0.9.
> >>> 
> >>> Does anyone object to dropping the requirement to support versions of HTTP before 2?
> >>> 
> >>> Thanks,
> >>> David
> >>> -- 
> >>> Masque mailing list
> >>> Masque@ietf.org <mailto:Masque@ietf.org>
> >>> https://www.ietf.org/mailman/listinfo/masque <https://www.ietf.org/mailman/listinfo/masque>
> >>> -- 
> >>> Masque mailing list
> >>> Masque@ietf.org <mailto:Masque@ietf.org>
> >>> https://www.ietf.org/mailman/listinfo/masque <https://www.ietf.org/mailman/listinfo/masque>
> >> 
> > 
> > --
> > Mark Nottingham   https://www.mnot.net/ <https://protect2.fireeye.com/v1/url?k=0c525adb-53c963de-0c521a40-86d2114eab2f-69a3e42f0cf4ffba&q=1&e=cd2d81ff-d165-41ed-836c-128d76921781&u=https%3A%2F%2Fwww.mnot.net%2F>
> > 
> > -- 
> > Masque mailing list
> > Masque@ietf.org <mailto:Masque@ietf.org>
> > https://www.ietf.org/mailman/listinfo/masque <https://www.ietf.org/mailman/listinfo/masque>
> -- 
> Masque mailing list
> Masque@ietf.org <mailto:Masque@ietf.org>
> https://www.ietf.org/mailman/listinfo/masque <https://www.ietf.org/mailman/listinfo/masque>-- 
> Masque mailing list
> Masque@ietf.org <mailto:Masque@ietf.org>
> https://www.ietf.org/mailman/listinfo/masque <https://www.ietf.org/mailman/listinfo/masque>
> -- 
> Masque mailing list
> Masque@ietf.org
> https://www.ietf.org/mailman/listinfo/masque

v2.23.0 | Report a Bug | By Email