Re: alpn identifiers (not again!) from Martin Thomson on 2015-06-12 (ietf-http-wg@w3.org from April to June 2015)

From: Martin Thomson <martin.thomson@gmail.com>
Date: Thu, 11 Jun 2015 17:24:05 -0700
To: Amos Jeffries <squid3@treenet.co.nz>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <CABkgnnWPPjfSd76_r+qwvJDrU-7JvKc0+YMDPSbdLJ-j8BNXEA@mail.gmail.com>

On 11 June 2015 at 16:59, Amos Jeffries <squid3@treenet.co.nz> wrote:
> I've been thinking in the last few days that the problem may be that
> there was never an "https" ALPN token minted to match it. At the time it
> seemed okay since there was also never a HTTPS protocol name and nobody
> hit problems. Now not so much.

RFC 7301 defines "http/1.1", which (I believe) refers to HTTP/1.1 over TLS.

> RFC 7301 did not specify non-TLS usage for these tokens. The initial
> seeded registrations just got a reference to the protocol being used
> over-TLS irregardless of whether it existed *only* over TLS or not.

> RFC 7230 defines two usages for over-TCP and over-TLS. Making RFC 7301
> imply by omission that there is one ALPN token for both.

Or that it only applies to "x" over TLS.  My interpretation.

Received on Friday, 12 June 2015 00:24:37 UTC