Re: SNI requirement for H2 from Martin Thomson on 2015-04-03 (ietf-http-wg@w3.org from April to June 2015)

From: Martin Thomson <martin.thomson@gmail.com>
Date: Fri, 3 Apr 2015 12:58:20 -0700
To: Willy Tarreau <w@1wt.eu>
Cc: Roberto Peon <grmocg@gmail.com>, Nicholas Hurley <hurley@mozilla.com>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <CABkgnnU58=SubwGjQBoHu1E8yLq=iBOdfyYOtBXbFki4m1YZkg@mail.gmail.com>

On 3 April 2015 at 12:25, Willy Tarreau <w@1wt.eu> wrote:
> On Fri, Apr 03, 2015 at 12:06:36PM -0700, Roberto Peon wrote:
>> Does anyone recall why 6066 has no SNI for IP literals? (It could be an
>> empty SNI field or the SNI could indicate the IP literal)?
>
> I find it surprizing as well, given that NAT/reverse proxy is very common
> in front of servers and that the address specified in the URL bar (hence in
> the SNI if it were sent) would be authoritative and would not necessarily
> match the one the server sees on the local socket.

I don't believe that anyone bothered to define it.  SNI was (and still
largely is) designed to solve the virtual hosting problem.  Clearly
you don't have that problem if you have an IP address.

As for using AUTH48, I think that all we need to do is add a "...if a
domain name is used." clause or something like that  The problem with
this is that it would require Specification Track Manager approval.

Received on Friday, 3 April 2015 19:58:52 UTC