RE: http://tools.ietf.org/html/draft-nottingham-httpbis-alt-svc as a normative reference in http/2

My recollection is the same as Will’s with regard to the discussion and consensus in London.

It is correct that we are interested in using Upgrade and not Alt-Svc for upgrading HTTP URIs from HTTP 1.1 to HTTP/2.  I am not aware of anyone who is planning on implementing Alt-Svc for this scenario, but maybe there is someone out there who wants to support this/.. In addition, we are not planning on implementing TLS for HTTP URIs at this time and we definitely prefer explicit TLS with HTTPS URIs.  We are not planning on supporting the asymmetric load balancing or the SNI scenarios at this time.

I agree that most people have not changed their position since London.  In particular, I do not want to see the Alt-Svc work further delaying HTTP/2. Again my recollection was that there was strong consensus that this work was not going to block HTTP/2.  It follows that this reference should not be normative to prevent creating a dependency.

I am looking forward to the updated text which will give us something definitive to discuss..

Thanks!!

-Rob


From: willchan@google.com [mailto:willchan@google.com] On Behalf Of William Chan (???)
Sent: Wednesday, March 19, 2014 7:40 PM
To: Mark Nottingham
Cc: HTTP Working Group
Subject: Re: http://tools.ietf.org/html/draft-nottingham-httpbis-alt-svc as a normative reference in http/2

On Wed, Mar 19, 2014 at 6:38 PM, Mark Nottingham <mnot@mnot.net<mailto:mnot@mnot.net>> wrote:

On 20 Mar 2014, at 12:05 pm, William Chan (陈智昌) <willchan@chromium.org<mailto:willchan@chromium.org>> wrote:

>> We're going to propose that the alt-svc draft be a normative reference in HTTP/2 because the ALTSVC frame uses the concepts in there, not for any other reason. If you look at the -04 version of the alt-svc draft, you'll see that opportunistic / http://-over-TLS isn't mentioned, except for a very indirect one-sentence reference to the use case in the Introduction. Nor does it require implementation of or support for the Alt-Svc HTTP header field.
>>
>> Given that, are you still concerned about the reference?
>
> This mitigates my concerns greatly. I eagerly await the next version of the draft so I can comment on it more definitively.
OK. Do you understand that the pull request on the altsvc branch (for the http2 spec itself) contains the documentation for http:// over TLS?

Whoa, really? No, I did not understand that. I'm glad we're discussing this now. Thanks for pointing that out.


<https://github.com/http2/http2-spec/compare/altsvc#diff-8894168382f6487e5e38c4306e613a88R455>

Regardless, I'm a bit confused by your pushback. You don't seem to mind that we document this as an option, but have great concerns about *where* it's documented. From the standpoint of our specs, the important thing is what is required (with RFC2119 language), not now many documents it's factored into (which I consider largely an editorial concern; if we start re-factoring documents as a means of political compromise, it leads to bad things).

Sorry, I'm not trying to be dense here. I'm honestly just confused about what the status is of all the opportunistic encryption stuff. And my primary objective here is to clear up that confusion. My concern with the "where" it's documented is what people consider as part of HTTP/2. My personal opinion is that opportunistic encryption should not be considered a feature that we're adding in HTTP/2, therefore I definitely don't want it in the core spec, and to a lesser degree, I also don't want it as a normative reference, since my understanding is that implies that HTTP/2 has a normative dependency on opportunistic encryption.



>> Not sure how Zurich comes into it; London is the most recent meeting where this was discussed.
>
> It's because of what I said before - I don't think it was actually discussed in any real detail in London. I very distinctly remember Pat saying we should discussing opportunistic encryption in the httpbis session and getting tabled. And I know several people who were confused about whether or not there was an appropriate time to raise opportunistic encryption as a topic of discussion.
I've asked a few people, and their recollection (and mine) is different from yours. The minutes also seem to support my interpretation.

I'd appreciate those people coming up and stating that. I'm honestly just saying what I remember, and I'm fine with people disagreeing with my understanding of what happened. I just don't want it to happen quietly. I mean, Pat, is my description that far off from what you remember? I remember you telling me that Stephen was confused about when was appropriate for him to argue the case for opportunistic encryption. And I remember being at the mic when the hum was taken and saying that I wasn't sure what we were agreeing to in the hum.


In any case, we're discussing it now.

And I'm happy with that. I want to re-emphasize that my primary purpose with this thread is to make sure we get clarity on something that I thought was vague. If everyone else says they believe that the working group consensus indeed is to document http:// over TLS in the core HTTP/2 spec, then clearly I misunderstood, but am fine with being wrong about that understanding.


Cheers,


--
Mark Nottingham   http://www.mnot.net/

Received on Thursday, 20 March 2014 06:53:28 UTC