Re: [TLS] WGLC comments on draft-ietf-tls-applayerprotoneg-01

[Yoav Nir <ynir@checkpoint.com>]

On Aug 20, 2013, at 2:18 AM, Andrei Popov <Andrei.Popov@microsoft.com> wrote:

> 1. If the HTTP WG has reservations about registering an HTTP/2.0 protocol ID at this time, perhaps we should remove it from the draft. New protocol ID registrations will need to be added in the future, and HTTP/2.0 could be among them.

I have no problem with having HTTP/2.0 there now, as long as we're all clear that this does not relate to draft-ietf-httpbis-http2-xx, but only to the protocol in the eventual RFC.

> 2. ALPN defines protocol IDs as opaque byte strings, although the currently proposed protocol IDs consist of printable characters, for easy debugging, etc. ALPN protocol IDs are not meant to be displayed to the end user. I would prefer to keep the HTTP/1.1 protocol ID registration in the draft because it makes ALPN immediately useable for negotiating HTTP and SPDY connections.

It's not meant to be displayed to the end user, as in my mother surfing the web. But it's nice to be able to see a recognizable string in Wireshark. So yes, keep HTTP/1.1 (and HTTP/2.0). SPDY, however, should be experimental or some such. There's no reason to keep it in the registry forever, or place it in the registry in the first place.

> 3. The experimental namespace was requested by several TLS WG participants; it would be great if they could share their opinions of RFC 6648 section 3 "Recommendations for Creators of New Parameters".

I agree with the RFC. I prefer a private space that has an "owner". So we could have "Priv-GOOG-SPDY4" and "Priv-CHKP-SNX" and "Priv-MSFT-SSTP", where we don't have IANA keeping things pure and non-conflicting, but having an org name there can do. And yes, I can do a "Priv-yoavnir-foo", and hope this doesn't become an identifier for some major consulting company [1].

We also need something for IETF internal drafts, so I would recommend using the draft name including numbers (as in "draft-ietf-tls-applayerprotoneg-01"). Just reserve the names without hyphens to standards track, and require registration for those only.

Yoav

[1] http://www.yoavnir.com  (not me!)


> Thanks,
> 
> Andrei
> 
> -----Original Message-----
> From: tls-bounces@ietf.org [mailto:tls-bounces@ietf.org] On Behalf Of Martin Thomson
> Sent: Monday, August 19, 2013 11:04 AM
> To: tls@ietf.org
> Subject: [TLS] WGLC comments on draft-ietf-tls-applayerprotoneg-01
> 
> I have read the draft and think that it is largely ready for publication, though there are a few minor issues that should be resolved regarding application strings.
> 
> (I sent some of these comments to the authors privately.)
> 
> Can I request that when you create the registry in ALPN that you do not register HTTP/2.0?  More likely than not, ALPN will precede
> HTTP/2.0 and I want to avoid having a dependency issue, particularly if we find that we need to change the string for some reason.
> 
> I'm also a little concerned about the existence of a registration for HTTP/1.1, particularly when that registration differs from the string used in the protocol itself (even if only in letter case).  Have the authors consulted the HTTPbis working group about these registrations?
> 
> The other issue is the definition of the 'exp' prefix.  RFC 6648 advises against defining such constructs.  I would prefer if this prefix were not defined.
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
> 
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls