W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2018

RE: I-D Action: draft-ietf-httpbis-h2-websockets-03.txt

From: Lucas Pardue <Lucas.Pardue@bbc.co.uk>
Date: Thu, 3 May 2018 08:39:18 +0000
To: Martin Thomson <martin.thomson@gmail.com>
CC: Biren Roy <birenroy@google.com>, Patrick McManus <mcmanus@ducksong.com>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <7CF7F94CB496BF4FAB1676F375F9666A3BB27D0C@bgb01xud1012>
Hmm, quite right. So let me backtrack a bit...

I think the principle of greasing, as opposed to the specific TLS mechanism, could be justified to avoid HTTP/2 and HTTP/QUIC extension mechanism problems.

So this is not just settings but extension frames too. The tricky part is that they are not "negotiated", and work bidirectionally. So a slightly different approach than TLS is probably required. 

Tangentially, Alt-Svc parameters may suffer from extensibility problems too.

Lucas
________________________________________
From: Martin Thomson [martin.thomson@gmail.com]
Sent: 03 May 2018 00:56
To: Lucas Pardue
Cc: Biren Roy; Patrick McManus; HTTP Working Group
Subject: Re: I-D Action: draft-ietf-httpbis-h2-websockets-03.txt

Grease was definitely aimed a faulty servers as well.  There were a couple
of implementations of TLS that choked on new signature algorithms and -
from memory - named groups.  These were the direct motivation for the
grease design.

Sad news about okhttp.
On Thu, May 3, 2018 at 9:13 AM Lucas Pardue <Lucas.Pardue@bbc.co.uk> wrote:

> IMO GREASE was targeted a middleboxes that made assumptions about the way
some bit spaces were used. As an endpoint operator it is difficult to
influence such boxes.

> Incorrectly handling H2 settings is unfortunate but solely in the realm
of endpoints. It's non-compliance and should be fixed.

> A similar class of problems were found with (I think) some python
implementations around the handling of 1xx status codes. The approach was
to fix them.

> Regards
> Lucas
> ________________________________________
> From: Biren Roy [birenroy@google.com]
> Sent: 02 May 2018 23:26
> To: Patrick McManus
> Cc: HTTP Working Group
> Subject: Re: I-D Action: draft-ietf-httpbis-h2-websockets-03.txt

> Not related to the latest draft text, but regarding Websockets over
HTTP/2 generally: we recently discovered that versions of the okhttp client
library before 3.1.0 would send a GOAWAY upon receiving an unknown setting
ID. This is causing us some difficulty as we attempt to perform
interoperation tests with our implementation.

> I've heard a few people suggest that we try something like GREASE<
https://tools.ietf.org/html/draft-ietf-tls-grease-00> for HTTP/2 settings,
to expose this type of bug sooner.

> On Wed, May 2, 2018 at 5:24 PM Patrick McManus <mcmanus@ducksong.com
<mailto:mcmanus@ducksong.com>> wrote:
> Hey All -

> First, sorry for the churn of publishing -03 and -02 back to back.. I had
fixed a typo as my last change but failed to add it to the repo (left it on
a local branch) before pushing -02.. as I hope this is the LC copy, I
wanted to get it in there. At least we don't have an ID numbering tax
(yet?).

> Anyhow - -03 reflects the resolution of WGLC discussion as best as I can
manage..

> -P


> On Wed, May 2, 2018 at 5:05 PM, <internet-drafts@ietf.org<mailto:
internet-drafts@ietf.org>> wrote:

> A New Internet-Draft is available from the on-line Internet-Drafts
directories.
> This draft is a work item of the Hypertext Transfer Protocol WG of the
IETF.

>          Title           : Bootstrapping WebSockets with HTTP/2
>          Author          : Patrick McManus
>          Filename        : draft-ietf-httpbis-h2-websockets-03.txt
>          Pages           : 7
>          Date            : 2018-05-02

> Abstract:
>     This document defines a mechanism for running the WebSocket Protocol
>     over a single stream of an HTTP/2 connection.


> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-httpbis-h2-websockets/

> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-ietf-httpbis-h2-websockets-03
> https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-h2-websockets-03

> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-httpbis-h2-websockets-03


> Please note that it may take a couple of minutes from the time of
submission
> until the htmlized version and diff are available at tools.ietf.org<
http://tools.ietf.org>.

> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
Received on Thursday, 3 May 2018 08:39:54 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:15:20 UTC