Re: Working Group Last Call: draft-ietf-httpbis-http2-tls13-00 from Martin Thomson on 2019-09-05 (ietf-http-wg@w3.org from July to September 2019)

From: Martin Thomson <mt@lowentropy.net>
Date: Thu, 05 Sep 2019 13:48:13 +1000
To: ietf-http-wg@w3.org
Message-Id: <9cadc50c-4e5a-434b-90a2-dbcb71720567@www.fastmail.com>

LGTM.  With a possible suggestion.

Having just re-reviewed this concise and well-written document, and in tripping over the KeyUpdate piece, I think that we should have more general language about post-handshake messaging in TLS.  Anything that is strictly TLS-specific shouldn't be prohibited by this, but it somewhat implies that.  For instance, the heatbeat extension should be permitted.  

Maybe replace the language about KeyUpdate and instead say something like:

```
4.  Other Post-Handshake TLS Messages in HTTP/2

   Section 9.2.1 of [RFC7540] does not extend to TLS 1.3 messages that are exchanged after the handshake is complete.  This includes KeyUpdate messages, which only affect TLS itself and do not require any interaction with the application protocol.  HTTP/2 implementations MUST support key updates when TLS 1.3 is negotiated.

   Unless the use of a new type of TLS message depends on an interaction with the application layer protocol, that TLS message can be sent after the handshake completes.

   NewSessionTicket messages are explicitly permitted.  Though these interact with HTTP when early data is enabled, these interactions are well defined in RFC 8470 and allowed for in the design of HTTP/2.
```

I realize that this is a change, but I want to ensure that the TLS working group doesn't have to come back and update this document if they decide to add some messaging that only affects the operation of TLS.

Cheers,
Martin

On Thu, Sep 5, 2019, at 13:15, Mark Nottingham wrote:
> David indicates that he thinks we're ready for WGLC on this document:
> 
>  https://tools.ietf.org/html/draft-ietf-httpbis-http2-tls13-00
> 
> Please have a look through and bring up any issues here or on the 
> issues list, and please indicate support (or lack thereof) for 
> advancement on the mailing list. If you are implementing or intend to 
> implement the specification, that would be useful information for us.
> 
> WGLC will end on 19 September.
> 
> Cheers,
> 
> --
> Mark Nottingham   https://www.mnot.net/
> 
> 
>

Received on Thursday, 5 September 2019 03:49:00 UTC