Re: Working Group Last Call: draft-ietf-httpbis-http2-tls13-00 from David Benjamin on 2019-09-12 (ietf-http-wg@w3.org from July to September 2019)

From: David Benjamin <davidben@chromium.org>
Date: Wed, 11 Sep 2019 20:34:33 -0400
To: Mike Bishop <mbishop@evequefou.be>
Cc: Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>, Tommy Pauly <tpauly@apple.com>, Patrick McManus <mcmanus@ducksong.com>
Message-ID: <CAF8qwaBO5-go++AbS0gzaQNXuyT7wAdLjnB9Qx3Y-tDyw7K3Uw@mail.gmail.com>

On Mon, Sep 9, 2019 at 1:52 PM Mike Bishop <mbishop@evequefou.be> wrote:

> Giving this document a re-read, I take some issue with one wording choice
> that seems to be consistent throughout:
> ~~~
>    The former shares the same problems with multiplexed protocols, but
>    has a different name.  This makes it ambiguous whether post-handshake
>    authentication is allowed in TLS 1.3.
>
>    This document clarifies that the prohibition applies to post-
>    handshake authentication but not to key updates.
> ~~~
> It's not at all ambiguous whether the prohibitions in RFC7540 apply to TLS
> 1.3 -- they don't.    "Deployments of HTTP/2 that negotiate TLS 1.3 or
> higher need only support and use the SNI extension; deployments of TLS 1.2
> are subject to the requirements in the following sections."  The sections
> you're discussing are very explicitly excluded from covering TLS 1.3.
>

Aha! Somehow I'd missed that sentence. Thanks! I've applied MT's suggestion
and then reworded the document accordingly in
https://github.com/httpwg/http-extensions/pull/929.


> But the reasons for them still apply, so you're here defining those
> prohibitions against the new world of TLS 1.3.  This isn't a clarification
> of anything formerly ambiguous, but a new definition in the same spirit and
> for the same reason.
>
> The requirements themselves, I support.
>
> -----Original Message-----
> From: Mark Nottingham <mnot@mnot.net>
> Sent: Wednesday, September 4, 2019 11:16 PM
> To: HTTP Working Group <ietf-http-wg@w3.org>
> Cc: Tommy Pauly <tpauly@apple.com>; Patrick McManus <mcmanus@ducksong.com>
> Subject: Working Group Last Call: draft-ietf-httpbis-http2-tls13-00
>
> David indicates that he thinks we're ready for WGLC on this document:
>
>  https://tools.ietf.org/html/draft-ietf-httpbis-http2-tls13-00
>
> Please have a look through and bring up any issues here or on the issues
> list, and please indicate support (or lack thereof) for advancement on the
> mailing list. If you are implementing or intend to implement the
> specification, that would be useful information for us.
>
> WGLC will end on 19 September.
>
> Cheers,
>
> --
> Mark Nottingham   https://www.mnot.net/
>
>
>
>

Received on Thursday, 12 September 2019 00:35:12 UTC