IETF Logo Mail Archive

Re: [Webtransport] Choosing the Transport

Victor Vasiliev <vasilvv@google.com> Fri, 24 July 2020 07:39 UTC

Return-Path: <vasilvv@google.com>
X-Original-To: webtransport@ietfa.amsl.com
Delivered-To: webtransport@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2B6363A0B19 for <webtransport@ietfa.amsl.com>; Fri, 24 Jul 2020 00:39:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.599
X-Spam-Level:
X-Spam-Status: No, score=-17.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LZMDCFIgIff7 for <webtransport@ietfa.amsl.com>; Fri, 24 Jul 2020 00:39:11 -0700 (PDT)
Received: from mail-lj1-x22f.google.com (mail-lj1-x22f.google.com [IPv6:2a00:1450:4864:20::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E38CD3A0B10 for <webtransport@ietf.org>; Fri, 24 Jul 2020 00:39:10 -0700 (PDT)
Received: by mail-lj1-x22f.google.com with SMTP id h22so8996823lji.9 for <webtransport@ietf.org>; Fri, 24 Jul 2020 00:39:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=iR24vn5OxC04sn72tJ/hu3RP1w3kTU0B7RgW6fS/lPk=; b=EaxUBunFHExVtI4O9OLbEmhGjUMFgJKM0/O4eZnT3Lj8NHksr1Cplw9tHcIJ2oyM1u 0abZC3fHN+vyB3+8tBMvIeF+4CSv6VN2K/aiwReYuLkL7IcVLQyH7xfmMYSbyd0Ph+Ix GdhPQ9uCd10xd0Q64864LzibkFAhcF0CQTYNpfDHFfLVJwqZKUFl4Dh/SwIuCrZnQO2C MfZucnujanOXKVF/GEuu2a4wyUtge46WOCUdVUlxLPbKZ9otNnD9P0vUfiHKKUzNAWgF eelAxSHuIXy1KewUqdxwj1JL7XewkPEjFYZM9LkMI2wHFbKL7TljLuhvD24Y9zT7meHx zTyQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=iR24vn5OxC04sn72tJ/hu3RP1w3kTU0B7RgW6fS/lPk=; b=B38pcDTBAYeYxDBoBkZiv2z4Vt1CJPCZQtWFZ68Ox8DJb0mmHFBjaNUrhO7LLNTEC0 Lf5y8JPl21aJ38Evg2CIGpZKLE0p/k1QEVhPw1tusF09dfmNSZ6XsiF2OZx3zsennEDS RQSpAa428fE3CPqx5p83MqkWagwrcN1B52tLeQA3+SAI6tAAY493PTpftxfNWv+gn9AL cqw3yj20doDvDACM+qzLOm0iYDwcwyQhnqyKXtXheuB+SWFyDc7DzwXIfP7PPO9ZlP3u aDKeASwBF7PWzjIH5HwSN0NyYzxkWTkx5IPP7WW+/0nd+wN7uYYhigC6heM/zrnmjX5e nEDQ==
X-Gm-Message-State: AOAM531b/8LmD6lkzXJ7hqHGsy+voFAfO65FhYC8QF0Vj2wV7/amm95a wQnkDangK4lhIHCMEL3M7igVNWgKKZ0cS1jL90EbVz0A
X-Google-Smtp-Source: ABdhPJwOVpQdAJmi0yv0Rk343kqHiDBeDUD4i8T9ZN0Eo+fA7To5UjWVsW+/RJpLQFCNUiNA5tZmXF00epFLX0K5vsw=
X-Received: by 2002:a2e:9b87:: with SMTP id z7mr4112967lji.80.1595576348472; Fri, 24 Jul 2020 00:39:08 -0700 (PDT)
MIME-Version: 1.0
References: <CAAZdMafWeaZhCVbObPgvYm5gxZu6ksV5VkSoF=8Mx9OJBDA5rA@mail.gmail.com> <3c3dd70a-a2f4-42f2-95c3-913c3afe3fb7@www.fastmail.com> <CAAZdMacQotXtab-5hso4jRadjnghz8zve3uOtvwO9KjebRq3FA@mail.gmail.com> <4a590d51-396c-4630-aa85-06ca252b4855@www.fastmail.com>
In-Reply-To: <4a590d51-396c-4630-aa85-06ca252b4855@www.fastmail.com>
From: Victor Vasiliev <vasilvv@google.com>
Date: Fri, 24 Jul 2020 03:38:57 -0400
Message-ID: <CAAZdMaf4Opx=uRsHNiMr4kw+Stnhr0gpt_0ffH_U2T4aKwsAvA@mail.gmail.com>
To: Martin Thomson <mt@lowentropy.net>
Cc: WebTransport <webtransport@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000076fca605ab2b11e8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/webtransport/EiSgLmItR3cE82FZM_49l1aE_6w>
Subject: Re: [Webtransport] Choosing the Transport
X-BeenThere: webtransport@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <webtransport.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/webtransport>, <mailto:webtransport-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/webtransport/>
List-Post: <mailto:webtransport@ietf.org>
List-Help: <mailto:webtransport-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/webtransport>, <mailto:webtransport-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Jul 2020 07:39:13 -0000

On Fri, Jul 24, 2020 at 1:49 AM Martin Thomson <mt@lowentropy.net> wrote:

> On Fri, Jul 24, 2020, at 15:04, Victor Vasiliev wrote:
> > The questions raised regarding non-uniform support for features are
> relevant here, so this isn't completely free.
> >
> > What exactly do you mean by "non-uniform support for features"?
>
> Let's say that you like a particular extension to the protocol, but the
> server doesn't universally implement it across versions.  The worse case is
> where the extension works in one version, but not a protocol that you might
> otherwise prefer.  For instance, DATAGRAM support not being available in
> HTTP/3.
>
> This is just a natural consequence of building protocols up piecemeal.
> It's not a big deal, but it does tend to happen more with an existing
> protocol that you build on than a protocol you build from scratch.
>

I think the draft currently defines DATAGRAM as a requirement for
WebTransport over HTTP/3, so the question here would be something among the
lines of "what do we do when we have an active HTTP/3 connection in the
pool, but it has no WT support?".  I agree there's a lot of ambiguity in
this space right now, and it kind of exists between protocol space and the
API space.


>
> > I think the "origin model" question is automatically answered by the
> > URI scheme, since that would tell us if WebTransport can be, in
> > principle, same-origin to a Web page.
>
> I'm not sure that it is necessarily that simple.  This gets into the
> issues that Adam raised about cookies, and there are questions about CORS.
> It probably makes sense to recognize this as being exempt from CORS
> preflight on the understanding that support for the protocol implies an
> acknowledgment that ambient authority is NOT sufficient for authorization,
> but we also have to consider what state from the target origin is carried
> across into the WebTransport session.  Maybe we don't provide a way to
> carry cookies, but can we share connections?  Or session tickets?  I see
> from Bernard's response that the current thinking is to avoid this by
> avoiding connection reuse entirely.  I'm not yet convinced that this is the
> right answer.
>

I believe cookies are defined to be bound to a host-port tuple (since they
predate the origin model), meaning that the question is mostly just "do we
want to send them at all?", because the rules are otherwise clear.
Regarding CORS, I agree that a preflight is not necessary, and for what
it's worth, WebSocket does not do it already.
Sharing connections should probably follow the regular HTTP connection
reuse rules, which are nominally defined in RFC 7540
<https://tools.ietf.org/html/rfc7540#section-9.1>, but also depend on other
factors like the credentials mode
<https://fetch.spec.whatwg.org/#concept-request-credentials-mode> and
probably some other bespoke rules that aren't written down anywhere.
Session tickets in general are only bound by SNI, and for 0-RTT, by ALPN; I
don't think the behavior there depends on the application protocol in any
form.

v2.23.0 | Report a Bug | By Email