IETF Logo Mail Archive

Re: [quicwg/base-drafts] HTTP/QUIC without Alt-Svc? (#253)

Mike Bishop <notifications@github.com> Tue, 28 March 2017 05:54 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EEB191292D0 for <quic-issues@ietfa.amsl.com>; Mon, 27 Mar 2017 22:54:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.796
X-Spam-Level:
X-Spam-Status: No, score=-9.796 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-2.796, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cmzZoS6rwfSe for <quic-issues@ietfa.amsl.com>; Mon, 27 Mar 2017 22:54:11 -0700 (PDT)
Received: from github-smtp2b-ext-cp1-prd.iad.github.net (github-smtp2-ext2.iad.github.net [192.30.252.193]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 47132128AB0 for <quic-issues@ietf.org>; Mon, 27 Mar 2017 22:54:11 -0700 (PDT)
Date: Mon, 27 Mar 2017 22:54:10 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1490680450; bh=LjNpD+F2qPSP5PbPqgw+xQbDY0Q8oXiI2g84XLM1H7g=; h=From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=Qc8F33PIV3WG5SLZwprch1QY9L9MH0FLYpdZWGI/vvs5S/YhzlYbk3QCpXzqUn+Cq r9t4HpnBevSXHFBTK7CIGPT2Bsw4SR7NqAH21tjJOHbQ2KerLvqyMtwkyFkoSuTTAw otzuREjB/7pV8ru0BVG/q1wxbCi9SxJiuiVLkOxk=
From: Mike Bishop <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4abeb6d8b7553c132878133135a8bf1f37522440bee92cf0000000114f1bc8292a169ce0c2f403e@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/253/289670798@github.com>
In-Reply-To: <quicwg/base-drafts/issues/253@github.com>
References: <quicwg/base-drafts/issues/253@github.com>
Subject: Re: [quicwg/base-drafts] HTTP/QUIC without Alt-Svc? (#253)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_58d9fa8229e7e_591d3fdddea89c3c124851"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: MikeBishop
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/HRNoeIvOde5DJqvTr5Mze4IKGg8>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Mar 2017 05:54:14 -0000

We've talked about four routes here:

1)  **Long live TCP.**  All HTTP sites will be dual-stack, and the authoritative endpoint will be TCP.  Clients MUST have a way to find the secure delegation from that TCP endpoint to QUIC, though we might define alternatives to Alt-Svc headers which could be done without TCP.  (Alt-Svc in DNS?)

2)  **Update RFC3986.**  RFC 3986 explicitly states that "The type of port designated by the port number (e.g., TCP, UDP, SCTP) is defined by the URI scheme."  We could update the URI to contain a protocol designator, whose default is defined by the URI scheme.  As it would be omitted in all existing URIs, their interpretation remains unchanged.  Then https://www.example.com:q443/ refers to QUIC on UDP 443.

3)  **Define a new scheme.**  See pull request.

4)  **What's it matter?**  Assume that HTTP/QUIC on port 443 is likely equivalent to HTTP/TCP on port 443 if the cert is valid and call it good.

We explicitly do not consider the same host on different ports equivalent authorities, even if they happen to be listening on both ports with the same cert.  Why is TCP 443 vs. UDP 443 any different from TCP 443 vs. TCP 444?  (4) seems like a security issue waiting to happen.

I'm going to reverse myself and disagree that (3) is undeployable on the web in the near-term.  App-to-app handoff on many (most?) platforms now uses custom URI schemes.  Apps that encounter unknown URI schemes ask the OS; the OS is able to invoke appropriately-registered apps or tell the user they need to get a capable app.  E.g. launching "nonsense://" produces this on Win10:

![image](https://cloud.githubusercontent.com/assets/4273797/24390519/18b217aa-134f-11e7-8c13-22a24805081b.png)

Some cursory testing shows that browsers block navigations to URI schemes that don't have an OS-registered handler.  But if you have two browsers, one QUIC-capable and one not, when you click an httpq:// link in the non-QUIC browser the OS will launch the QUIC-capable browser for you and you proceed on your merry way.  This seems almost exactly what we'd want to have happen.

(2) probably *is* undeployable, because legacy apps will attempt to parse the URI and declare it invalid.  They're semi-used to seeing unknown schemes (xboxliveapp-1297287741://, anyone?), but changes that break the parsers would be seriously painful.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/issues/253#issuecomment-289670798

v2.23.0 | Report a Bug | By Email