Re: Encouraging a healthy HTTP/2 ecosystem

It’s somewhat of a chicken-and-egg thing, but in addition to Mike’s (a), (b), and (c), there’s also (d) firewalls have poor support for SCTP.

As an example, our firewall can recognize SCTP packets, and even mark SCTP “connections” (we call everything a “connection”, even if it’s UDP; the proper term should probably be “flows”), but the kind of rules you can configure are “this IP can/cannot do SCTP to this IP”. That’s like the TCP firewall we had in ’93, except it doesn’t even protect from network attacks.

If HTTP-over-SCTP became a thing people use, we could write the support, we could add all of the HTTP inspection for malware and bot traffic and data leakage and unacceptable content and such, but that would take time. In the meantime, administrators would rather block SCTP, forcing browsers to TCP, than let any and all traffic through. Even when we do add that support, we’re not Google. Old versions of our product keep running for years after we release a new version. I’m told that our “R65” version from 2007 is still used a lot, even though it’s out of support.

So “surfing from work” will take a long time to be not blocked. Also, CPE routers people have at home are very likely not to handle SCTP the way draft-ietf-behave-sctpnat recommends, so browsing from home isn’t going to work very well either. Why would anyone deploy a website over SCTP then? And if nobody deploys websites, why would browser vendors add the support?


On Jul 2, 2014, at 11:53 PM, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:

> In message <CABaLYCvsmh=pqg3Sng72vvKbXTCbHt_mtDE-wtVRz9yiCbs=bA@mail.gmail.com>, Mike Belshe writes:
> 
> I've only heard the SCTP story through the people who worked on it
> in FreeBSD, and their verdict was simply "lack of interest" because
> people would rather squeeze through some random loophole, than
> attempt to architecture.
> 
> As for SCTP being the right or wrong basis I have no opinion.
> 
> -- 
> Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
> phk@FreeBSD.ORG         | TCP/IP since RFC 956
> FreeBSD committer       | BSD since 4.3-tahoe    
> Never attribute to malice what can adequately be explained by incompetence.
> 

Received on Thursday, 3 July 2014 05:22:40 UTC