W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2021

Re: Question regarding HTTP/2, SNI, and IP addresses

From: Ilari Liusvaara <ilariliusvaara@welho.com>
Date: Wed, 23 Jun 2021 11:54:28 +0300
To: ietf-http-wg@w3.org
Message-ID: <YNL2xA/lQdIHdVTn@LK-Perkele-VII2.locald>
On Wed, Jun 23, 2021 at 10:30:46AM +0200, Stephane Bortzmeyer wrote:
> On Tue, Jun 22, 2021 at 10:55:08AM +1000,
>  Martin Thomson <mt@lowentropy.net> wrote 
>  a message of 20 lines which said:
> 
> > > The TLS implementation MUST support the Server Name Indication
> > > (SNI) [TLS-EXT] extension to TLS. If the server is identified
> > > by a domain name [DNS-TERMS], clients MUST send the server_name
> > > TLS extension unless an alternative mechanism to indicate the
> > >target host is used.
> > 
> > -- https://httpwg.org/http2-spec/draft-ietf-httpbis-http2bis.html#section-9.2-2
> > 
> > Is that clearer?  There is also similar updates to the HTTP core
> > documents.
> > 
> > The intent was never to prohibit the use of IP addresses as
> > authority.
> 
> What are the possible "alternative mechanisms"?
 
I am not aware of any such mechanism in TLS (since this is HTTP/2,
QUIC is not relevant). I presume that the primary intent of that
language was to cover ESNI (which would have used its own extension
for SNI). However, ESNI was superceded by ECH (also known as ECHO),
which still uses server_name for application-visible transport-level
SNI. Secondarily, such language would be useful if someone ever wants
to transport HTTP/2 on top of something else than TLS.


-Ilari
Received on Wednesday, 23 June 2021 08:55:03 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 23 June 2021 08:55:14 UTC