RE: Working Group Last Call: draft-ietf-httpbis-http2-tls13-00

Giving this document a re-read, I take some issue with one wording choice that seems to be consistent throughout:
~~~
   The former shares the same problems with multiplexed protocols, but
   has a different name.  This makes it ambiguous whether post-handshake
   authentication is allowed in TLS 1.3.

   This document clarifies that the prohibition applies to post-
   handshake authentication but not to key updates.
~~~
It's not at all ambiguous whether the prohibitions in RFC7540 apply to TLS 1.3 -- they don't. "Deployments of HTTP/2 that negotiate TLS 1.3 or higher need only support and use the SNI extension; deployments of TLS 1.2 are subject to the requirements in the following sections." The sections you're discussing are very explicitly excluded from covering TLS 1.3.

But the reasons for them still apply, so you're here defining those prohibitions against the new world of TLS 1.3.  This isn't a clarification of anything formerly ambiguous, but a new definition in the same spirit and for the same reason.

The requirements themselves, I support.

-----Original Message-----
From: Mark Nottingham <mnot@mnot.net> 
Sent: Wednesday, September 4, 2019 11:16 PM
To: HTTP Working Group <ietf-http-wg@w3.org>
Cc: Tommy Pauly <tpauly@apple.com>; Patrick McManus <mcmanus@ducksong.com>
Subject: Working Group Last Call: draft-ietf-httpbis-http2-tls13-00

David indicates that he thinks we're ready for WGLC on this document:

 https://tools.ietf.org/html/draft-ietf-httpbis-http2-tls13-00

Please have a look through and bring up any issues here or on the issues list, and please indicate support (or lack thereof) for advancement on the mailing list. If you are implementing or intend to implement the specification, that would be useful information for us.

WGLC will end on 19 September.

Cheers,

--
Mark Nottingham   https://www.mnot.net/

Received on Monday, 9 September 2019 17:44:54 UTC