Re: Working Group Last Call: draft-ietf-httpbis-http2-tls13-00 from David Benjamin on 2019-09-13 (ietf-http-wg@w3.org from July to September 2019)

From: David Benjamin <davidben@chromium.org>
Date: Fri, 13 Sep 2019 18:51:06 -0400
To: Mike Bishop <mbishop@evequefou.be>
Cc: Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>, Tommy Pauly <tpauly@apple.com>, Patrick McManus <mcmanus@ducksong.com>
Message-ID: <CAF8qwaAx2za6F5RbsFn49ShrxtXqDxL-i1HBBdUjZtGWdUaWvg@mail.gmail.com>

I've now uploaded draft-ietf-httpbis-http2-tls13-01 which includes that PR.

https://tools.ietf.org/html/draft-ietf-httpbis-http2-tls13-01 (link doesn't
work as of writing but presumably will work later)
https://www.ietf.org/id/draft-ietf-httpbis-http2-tls13-01.txt
https://www.ietf.org/rfcdiff?url2=draft-ietf-httpbis-http2-tls13-01

On Wed, Sep 11, 2019 at 8:34 PM David Benjamin <davidben@chromium.org>
wrote:

> On Mon, Sep 9, 2019 at 1:52 PM Mike Bishop <mbishop@evequefou.be> wrote:
>
>> Giving this document a re-read, I take some issue with one wording choice
>> that seems to be consistent throughout:
>> ~~~
>>    The former shares the same problems with multiplexed protocols, but
>>    has a different name.  This makes it ambiguous whether post-handshake
>>    authentication is allowed in TLS 1.3.
>>
>>    This document clarifies that the prohibition applies to post-
>>    handshake authentication but not to key updates.
>> ~~~
>> It's not at all ambiguous whether the prohibitions in RFC7540 apply to
>> TLS 1.3 -- they don't.    "Deployments of HTTP/2 that negotiate TLS 1.3 or
>> higher need only support and use the SNI extension; deployments of TLS 1.2
>> are subject to the requirements in the following sections."  The sections
>> you're discussing are very explicitly excluded from covering TLS 1.3.
>>
>
> Aha! Somehow I'd missed that sentence. Thanks! I've applied MT's
> suggestion and then reworded the document accordingly in
> https://github.com/httpwg/http-extensions/pull/929.
>
>
>> But the reasons for them still apply, so you're here defining those
>> prohibitions against the new world of TLS 1.3.  This isn't a clarification
>> of anything formerly ambiguous, but a new definition in the same spirit and
>> for the same reason.
>>
>> The requirements themselves, I support.
>>
>> -----Original Message-----
>> From: Mark Nottingham <mnot@mnot.net>
>> Sent: Wednesday, September 4, 2019 11:16 PM
>> To: HTTP Working Group <ietf-http-wg@w3.org>
>> Cc: Tommy Pauly <tpauly@apple.com>; Patrick McManus <mcmanus@ducksong.com
>> >
>> Subject: Working Group Last Call: draft-ietf-httpbis-http2-tls13-00
>>
>> David indicates that he thinks we're ready for WGLC on this document:
>>
>>  https://tools.ietf.org/html/draft-ietf-httpbis-http2-tls13-00
>>
>> Please have a look through and bring up any issues here or on the issues
>> list, and please indicate support (or lack thereof) for advancement on the
>> mailing list. If you are implementing or intend to implement the
>> specification, that would be useful information for us.
>>
>> WGLC will end on 19 September.
>>
>> Cheers,
>>
>> --
>> Mark Nottingham   https://www.mnot.net/
>>
>>
>>
>>

Received on Friday, 13 September 2019 22:51:47 UTC