Re: [Masque] HTTP DATA frames for HTTP CONNECT?
Lucas Pardue <lucaspardue.24.7@gmail.com> Fri, 16 October 2020 00:28 UTC
Return-Path: <lucaspardue.24.7@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 39BE63A0D39; Thu, 15 Oct 2020 17:28:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.847
X-Spam-Level:
X-Spam-Status: No, score=-1.847 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RUJ9H46RQ40f; Thu, 15 Oct 2020 17:28:40 -0700 (PDT)
Received: from mail-ej1-x632.google.com (mail-ej1-x632.google.com [IPv6:2a00:1450:4864:20::632]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 53EA93A0D31; Thu, 15 Oct 2020 17:28:40 -0700 (PDT)
Received: by mail-ej1-x632.google.com with SMTP id x7so660859eje.8; Thu, 15 Oct 2020 17:28:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Xd3Yy1tFrAiDSPhSWXUQYRoxhwubCQmDQ2FLdh2IPi8=; b=Qqlal15khGSa5yTf8RYyrXbmtglObvRlBrGCdFdX8pUQDQfoyUcXu3nC9XH2Bwi5Vj VbgGsB6f2aGzuPiy973ujaU3LwpDMD2ifZ5gWucdUxqA96sDT/6YH0TNe1LrTVi8q0gN 7Z675klvo6sVqHf20+icVv2Wy59HV7gWeFYdqkK1kYu/AfvkVFmA1hJwMiYtB01fPXoD rQgA7frQK1b52PjoU7cpMyFIRBvun59aX/8le2KTsmHBjLaZbaGnpqRY8XRo7dFqlvqv TiO8BjVUbTmD6MfKYEDsUWwQEOFx4U4XJwuSV96eFbFDHu3dgQUmmpNeCltKhTL0BRhM Q2/A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Xd3Yy1tFrAiDSPhSWXUQYRoxhwubCQmDQ2FLdh2IPi8=; b=dYYHttQXJbbeRpti8V1zxIrrB6Ev3AlB7tyKFh7lZamfuYaBBr+oHqgqH5N9lu9MMC syGj65aMHAI7vE4bwmg9qtsqo25JWWKlXDNwfgtooospLm4f2mwsAUe67m1g0P9mjJGl 9WCuXRWA81jusXPO5KU/Szq4Ydf7k0jY8wtxqIbELaDlOTxL1xeWHehDyTHb4vD+aETK g5QiFC8Lhx/OYgWkIWVruroxinQnH2dA6FgNclBGiv9B5ZBw+VC97YrlEwIyjnl1jdYX NkflcmXQWhnCKeU28LvL7Bqy84kURqn2zsSMAaBjFw3tX8RV7PyASb3H1+PAzApGX2bi G8hg==
X-Gm-Message-State: AOAM531V6/HWNlIMJa9ysSJf+3+Mpk9x/pyFthfF0WvyuANmiPIXQi/L Pfce0CEydRozQchX1AU+DEhVJNebBXB5eXce70s=
X-Google-Smtp-Source: ABdhPJyDXfsmYaQ7CQv3Ov77lF4fnyHSDl8sO4gWXf1p9pu8MPfubveg1JX8zDVuZJcxFc2aDky2dVdRm5SZp6HHaDY=
X-Received: by 2002:a17:906:5249:: with SMTP id y9mr1075165ejm.440.1602808118900; Thu, 15 Oct 2020 17:28:38 -0700 (PDT)
MIME-Version: 1.0
References: <A92255DF-F477-4DE6-9AA2-33373959E792@ericsson.com> <CAHbWFkRvGKpHRfBrstVpHdfDZLkQyks77O2sc-j0uV8tCWyS2Q@mail.gmail.com> <CALGR9oYC6o8BYgO5Sxb0yMFibzFn241OpWTh3njnMh3KQK8ejQ@mail.gmail.com> <72706E88-C329-4E8B-A09F-CAE27D223DC8@ericsson.com> <6918A78D-E2F1-42D9-BFE6-BA1285D67333@ericsson.com>
In-Reply-To: <6918A78D-E2F1-42D9-BFE6-BA1285D67333@ericsson.com>
From: Lucas Pardue <lucaspardue.24.7@gmail.com>
Date: Fri, 16 Oct 2020 01:28:29 +0100
Message-ID: <CALGR9oYTA0RgBtQV66XmgQ6utz_sn6Bzkws2M-80Aah2B4B8pw@mail.gmail.com>
Subject: Re: [Masque] HTTP DATA frames for HTTP CONNECT?
To: Mirja Kuehlewind <mirja.kuehlewind@ericsson.com>
Cc: Mirja Kuehlewind <mirja.kuehlewind=40ericsson.com@dmarc.ietf.org>, Alex Chernyakhovsky <achernya@google.com>, "quic@ietf.org" <quic@ietf.org>, "masque@ietf.org" <masque@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000091fadf05b1bed84e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/W5f6JbDLxAwSGwOgZ7CY2ibSzQc>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 16 Oct 2020 00:28:42 -0000
Is the overhead really that bad though? A common case for CONNECT will be to tunnel TLS, so if you assume 16Kbyte records the frame overhead of 3 bytes comes out at ~0.02%. If you have TCP quarks that are smaller than DATA frames it's a different story. But the solution there is to have a large DATA frame and write into it several times. I'd hope that HTTP/3 implementations can offer streaming frame consumption. Buffering is going to cause all sorts of issues. Extension frames seem like a solid alternative. I know of at least one other proposal for a tighter coupling of DATA-like frame to STREAM. Cheers Lucas Cheers On Fri, 16 Oct 2020, 00:51 Mirja Kuehlewind, <mirja.kuehlewind@ericsson.com> wrote: > Damn, missing „not“ below… meant to say that you need the HTTP framing for > multiplexing in h2 but you don’t need it for that purpose in h3.. > > > > *From: *Masque <masque-bounces@ietf.org> on behalf of Mirja Kuehlewind > <mirja.kuehlewind=40ericsson.com@dmarc.ietf.org> > *Date: *Friday, 16. October 2020 at 01:44 > *To: *Lucas Pardue <lucaspardue.24.7@gmail.com>, Alex Chernyakhovsky < > achernya@google.com> > *Cc: *"quic@ietf.org" <quic@ietf.org>, "masque@ietf.org" <masque@ietf.org> > *Subject: *Re: [Masque] HTTP DATA frames for HTTP CONNECT? > > > > HI Lucas, > > > > RFC7231 defines CONNECT originally like this: > > > > “The CONNECT method requests that the recipient establish a tunnel to > > the destination origin server identified by the request-target and, > > if successful, thereafter restrict its behavior to blind forwarding > > of packets, in both directions, until the tunnel is closed.” > > > > So I would interpret that the connection is not really a HTTP connection > anymore after it has concluded the CONNECT. Again in HTTP/2 this did work > because of multiplexing but in HTTP/3 is would work again and effectively > maybe be the more flexible solution. > > > > Mirja > > > > > > *From: *Lucas Pardue <lucaspardue.24.7@gmail.com> > *Date: *Thursday, 15. October 2020 at 19:35 > *To: *Alex Chernyakhovsky <achernya@google.com> > *Cc: *Mirja Kuehlewind <mirja.kuehlewind@ericsson.com>, "masque@ietf.org" > <masque@ietf.org> > *Subject: *Re: [Masque] HTTP DATA frames for HTTP CONNECT? > > > > Hey Mirja, > > > > I'm against allowing unframed bytes on request streams. It limits > extensibility (as pointed out by Alex) and introduces complexity to > conventional HTTP/3 server implementations. HTTP desync attacks are > something that framing protects against, let's not introduce risk for the > sake of optimization. > > > > The good news is that DATA frames can span QUIC packets. So if you're ok > to take the hit once, you can send a very-long DATA frame and just keep > appending data to it. > > > > Cheers > > Lucas >
- FW: [Masque] HTTP DATA frames for HTTP CONNECT? Mirja Kuehlewind
- Re: [Masque] HTTP DATA frames for HTTP CONNECT? Mirja Kuehlewind
- Re: [Masque] HTTP DATA frames for HTTP CONNECT? Mirja Kuehlewind
- Re: [Masque] HTTP DATA frames for HTTP CONNECT? Lucas Pardue
- Re: [Masque] HTTP DATA frames for HTTP CONNECT? Mirja Kuehlewind
- Re: [Masque] HTTP DATA frames for HTTP CONNECT? Mirja Kuehlewind
- Re: [Masque] HTTP DATA frames for HTTP CONNECT? Lucas Pardue
- Re: [Masque] HTTP DATA frames for HTTP CONNECT? Roberto Peon
- Re: [Masque] HTTP DATA frames for HTTP CONNECT? Mirja Kuehlewind
- Re: [Masque] HTTP DATA frames for HTTP CONNECT? Lucas Pardue
- Re: [Masque] HTTP DATA frames for HTTP CONNECT? Mark Nottingham
- Re: [Masque] HTTP DATA frames for HTTP CONNECT? Mirja Kuehlewind
- Re: [Masque] HTTP DATA frames for HTTP CONNECT? Mirja Kuehlewind
- Re: [Masque] HTTP DATA frames for HTTP CONNECT? Lucas Pardue
- Re: [Masque] HTTP DATA frames for HTTP CONNECT? Ian Swett
- Re: [Masque] HTTP DATA frames for HTTP CONNECT? Ian Swett
- Re: [Masque] HTTP DATA frames for HTTP CONNECT? Lucas Pardue
- Re: [Masque] HTTP DATA frames for HTTP CONNECT? Kazuho Oku
- Re: [Masque] HTTP DATA frames for HTTP CONNECT? Mikkel Fahnøe Jørgensen