[TLS] Application-Layer Protocol Settings

Victor Vasiliev <vasilvv@google.com> Mon, 06 July 2020 19:13 UTC

From: Victor Vasiliev <vasilvv@google.com>
Date: Mon, 06 Jul 2020 15:12:45 -0400
Message-ID: <CAAZdMaf2dKab0dJU8MLZc9JzEcVSvf8s9kgeZFo3tmsRtx2sNQ@mail.gmail.com>
To: "tls@ietf.org" <TLS@ietf.org>, HTTP Working Group <ietf-http-wg@w3.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/S_9C4TyKT5wQB5XU2MAkTb6pIW0>
Subject: [TLS] Application-Layer Protocol Settings

Hello TLS and HTTP working groups,

(QUIC WG bcc'd as this has been discussed there before)

Currently, we use SETTINGS frames as an extensibility mechanism in HTTP/2
and HTTP/3.  The SETTINGS frame is sent at the very beginning of TLS
application data; this approach, while simple, has some drawbacks.  The
most notable one is that when SETTINGS are used to negotiate extensions,
there is an entire round-trip where the client can send requests, but
doesn't know yet about any server extensions, thus making any
extension-dependent requests take an extra RTT.

The proposed solution to this problem is to move the HTTP SETTINGS frame into
the TLS handshake.  Here are some issues where this has been discussed
before:

   - https://github.com/quicwg/base-drafts/issues/3086
   - https://github.com/quicwg/base-drafts/issues/3622
   - https://github.com/WICG/client-hints-infrastructure/pull/30

I wrote up a draft for the TLS extension that would solve this problem:
https://tools.ietf.org/html/draft-vvv-tls-alps-00

I also wrote up a draft that explains how to use that extension with HTTP,
and defines some settings (the ones discussed here
<https://github.com/quicwg/base-drafts/issues/3622>) that would not be
possible without it: https://tools.ietf.org/html/draft-vvv-httpbis-alps-00

I would appreciate feedback on those drafts.

Thanks,
  Victor.
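An added example (my own, not from the post or the ALPS drafts) that makes the round-trip cost concrete: it encodes and parses a real HTTP/2 SETTINGS frame (RFC 7540 wire format) and models the handshake flights of a full TLS 1.3 connection to show when the client first learns the server's settings, with them in application data versus inside the handshake. It assumes the server sends its SETTINGS only after receiving the client's Finished (no 0.5-RTT data), which is the situation the post describes; the flight names and timings are a simplification.

```python
import struct

# Settings identifiers from RFC 7540 section 6.5.2.
SETTINGS_ENABLE_PUSH = 0x2
SETTINGS_MAX_CONCURRENT_STREAMS = 0x3
FRAME_TYPE_SETTINGS = 0x4


def encode_settings(settings):
    """Serialize an HTTP/2 SETTINGS frame: 9-byte header (24-bit length, type,
    flags, 31-bit stream id, which must be 0) followed by 6-byte id/value pairs."""
    payload = b"".join(struct.pack("!HI", sid, val) for sid, val in settings.items())
    header = len(payload).to_bytes(3, "big") + bytes([FRAME_TYPE_SETTINGS, 0]) + bytes(4)
    return header + payload


def decode_settings(frame):
    """Parse a SETTINGS frame, rejecting the shapes RFC 7540 treats as errors."""
    length = int.from_bytes(frame[:3], "big")
    ftype = frame[3]
    stream_id = int.from_bytes(frame[5:9], "big") & 0x7FFFFFFF
    if ftype != FRAME_TYPE_SETTINGS or stream_id != 0 or length % 6 != 0:
        raise ValueError("malformed SETTINGS frame")
    return dict(struct.iter_unpack("!HI", frame[9:9 + length]))


def flights(settings_in_handshake):
    """Flights of a full TLS 1.3 handshake carrying HTTP/2, as
    (time sent, in RTTs after ClientHello; sender; contents). Assumption: the
    server only sends application-data SETTINGS after the client's Finished."""
    server_hs = ["ServerHello", "EncryptedExtensions", "Certificate", "Finished"]
    if settings_in_handshake:
        server_hs.insert(2, "server SETTINGS (ALPS)")  # inside the encrypted handshake
    out = [(0.0, "client", ["ClientHello"]),
           (0.5, "server", server_hs),
           (1.0, "client", ["Finished", "client SETTINGS", "requests needing no extension"])]
    if not settings_in_handshake:
        out.append((1.5, "server", ["server SETTINGS"]))  # plain application data
    return out


def earliest_extension_dependent_request(settings_in_handshake):
    """RTTs after ClientHello at which the client first holds the server's
    settings and can send a request that depends on a server extension."""
    for sent_at, sender, contents in flights(settings_in_handshake):
        if sender == "server" and any(c.startswith("server SETTINGS") for c in contents):
            return sent_at + 0.5  # one-way delay to reach the client
    raise RuntimeError("server never sent SETTINGS")
```

With SETTINGS in application data the first extension-dependent request goes out at 2 RTT; carried in the handshake it goes out at 1 RTT, the full round trip the post refers to.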