Re: Working Group Last Call: draft-ietf-httpbis-http2-tls13-00

Folks, please have a read of the diff below, and say whether or not it addresses the WGLC comments. WGLC will end later this week.

Cheers,


> On 14 Sep 2019, at 8:51 am, David Benjamin <davidben@chromium.org> wrote:
> 
> I've now uploaded draft-ietf-httpbis-http2-tls13-01 which includes that PR.
> 
> https://tools.ietf.org/html/draft-ietf-httpbis-http2-tls13-01 (link doesn't work as of writing but presumably will work later)
> https://www.ietf.org/id/draft-ietf-httpbis-http2-tls13-01.txt
> https://www.ietf.org/rfcdiff?url2=draft-ietf-httpbis-http2-tls13-01
> 
> On Wed, Sep 11, 2019 at 8:34 PM David Benjamin <davidben@chromium.org> wrote:
> On Mon, Sep 9, 2019 at 1:52 PM Mike Bishop <mbishop@evequefou.be> wrote:
> Giving this document a re-read, I take some issue with one wording choice that seems to be consistent throughout:
> ~~~
>    The former shares the same problems with multiplexed protocols, but
>    has a different name.  This makes it ambiguous whether post-handshake
>    authentication is allowed in TLS 1.3.
> 
>    This document clarifies that the prohibition applies to post-
>    handshake authentication but not to key updates.
> ~~~
> It's not at all ambiguous whether the prohibitions in RFC7540 apply to TLS 1.3 -- they don't.    "Deployments of HTTP/2 that negotiate TLS 1.3 or higher need only support and use the SNI extension; deployments of TLS 1.2 are subject to the requirements in the following sections."  The sections you're discussing are very explicitly excluded from covering TLS 1.3.
> 
> Aha! Somehow I'd missed that sentence. Thanks! I've applied MT's suggestion and then reworded the document accordingly in https://github.com/httpwg/http-extensions/pull/929.
>  
> But the reasons for them still apply, so you're here defining those prohibitions against the new world of TLS 1.3.  This isn't a clarification of anything formerly ambiguous, but a new definition in the same spirit and for the same reason.
> 
> The requirements themselves, I support.
> 
> -----Original Message-----
> From: Mark Nottingham <mnot@mnot.net> 
> Sent: Wednesday, September 4, 2019 11:16 PM
> To: HTTP Working Group <ietf-http-wg@w3.org>
> Cc: Tommy Pauly <tpauly@apple.com>; Patrick McManus <mcmanus@ducksong.com>
> Subject: Working Group Last Call: draft-ietf-httpbis-http2-tls13-00
> 
> David indicates that he thinks we're ready for WGLC on this document:
> 
>  https://tools.ietf.org/html/draft-ietf-httpbis-http2-tls13-00
> 
> Please have a look through and bring up any issues here or on the issues list, and please indicate support (or lack thereof) for advancement on the mailing list. If you are implementing or intend to implement the specification, that would be useful information for us.
> 
> WGLC will end on 19 September.
> 
> Cheers,
> 
> --
> Mark Nottingham   https://www.mnot.net/
> 
> 
> 

--
Mark Nottingham   https://www.mnot.net/

Received on Sunday, 15 September 2019 04:07:22 UTC