Question regarding HTTP/2, SNI, and IP addresses

Hi,

It would be very kind if someone could confirm or refute the following for me:


RFC 7540:

"The TLS implementation MUST support the Server Name Indication (SNI) [TLS-EXT <https://datatracker.ietf.org/doc/html/rfc7540#ref-TLS-EXT>] extension to TLS.  HTTP/2 clients MUST indicate the target domain name when negotiating TLS.

Deployments of HTTP/2 that negotiate TLS 1.3 or higher need only support and use the SNI extension; deployments of TLS 1.2 are subject to the requirements in the following sections."


Am I correct in my understanding that:

  *   HTTP/2 (RFC 7540) requires support of sending the target domain name in SNI for both TLS 1.2 and TLS 1.3.
  *   IP addresses cannot be sent in SNI.
  *   IP addresses are not domain names.
  *   Therefore, HTTP/2 with HTTPS requires domain names and cannot be used with IP addresses only.

Cheers,
John

Received on Friday, 18 June 2021 12:37:43 UTC