Re: Question regarding HTTP/2, SNI, and IP addresses

On Fri, Jun 18, 2021, at 22:30, John Mattsson wrote:
> Am I correct in my understanding that:
> 
>  * HTTP/2 (RFC 7540) requires support of sending the target domain name 
> in SNI for both TLS 1.2 and TLS 1.3.
>  * IP addresses cannot be sent in SNI.
>  * IP addresses are not domain names..
>  * Therefore, HTTP/2 with HTTPS requires domain names and cannot be 
> used with IP addresses only.

The revision says:

> The TLS implementation MUST support the Server Name Indication (SNI) [TLS-EXT] extension to TLS. If the server is identified by a domain name [DNS-TERMS], clients MUST send the server_name TLS extension unless an alternative mechanism to indicate the target host is used.

-- https://httpwg.org/http2-spec/draft-ietf-httpbis-http2bis.html#section-9.2-2

Is that clearer?  There is also similar updates to the HTTP core documents.

The intent was never to prohibit the use of IP addresses as authority.  That you might interpret the text that way is just an error.

Received on Tuesday, 22 June 2021 00:56:33 UTC