Re: Benjamin Kaduk's Discuss on draft-ietf-quic-http-33: (with DISCUSS and COMMENT)

Mark Nottingham <mnot@mnot.net> Thu, 21 January 2021 00:09 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/K_L3X4nLfnY5xY0GLDptVTCfd04>

Ben,

> On 21 Jan 2021, at 5:30 am, Benjamin Kaduk via Datatracker <noreply@ietf.org> wrote:
> 
> (discuss point 1)
> Mike already filed https://github.com/quicwg/base-drafts/issues/4761
> and I think we can keep the discussion there.
> But to reiterate, we reference [SEMANTICS] for certificate validation
> and use in determining authority for the "https" scheme, yet the
> additional prose discussion we offer (with CN-ID and DNS-ID as the
> certificate fields to validate against, though not by that name) does
> not match what's currently present in [SEMANTICS].  Discussion so far on
> the linked issue against [SEMANTICS] suggests that [SEMANTICS] will
> change, but we should not go forward with this document until we've
> resolved the disparity.

The only situation where that's useful is if you believe certificate validation should operate in a different fashion for HTTP/3 from other versions of the protocol; is that the case?

>  (One might also wonder whether we need to
> duplicate the content ourselves or should just reference the other
> document(s).)

If the content is indeed the same, I hope we can agree that it shouldn't be duplicated; having every version of HTTP re-specify this isn't really workable.

Cheers,

--
Mark Nottingham   https://www.mnot.net/