Re: SETTINGS_ENABLE_CONNECT_PROTOCOL and new protocols from Willy Tarreau on 2021-11-03 (ietf-http-wg@w3.org from October to December 2021)

From: Willy Tarreau <w@1wt.eu>
Date: Wed, 3 Nov 2021 04:54:28 +0100
To: Martin Thomson <mt@lowentropy.net>
Cc: ietf-http-wg@w3.org
Message-ID: <20211103035428.GA10106@1wt.eu>

On Wed, Nov 03, 2021 at 11:20:28AM +1100, Martin Thomson wrote:
> For example, my server might support WebTransport, so it declares support for
> :protocol with SETTINGS_ENABLE_CONNECT_PROTOCOL. However, it doesn't support
> WebSockets over anything but an upgraded HTTP/1.1 connection.  I don't think
> that you can just say "well implementing WebSockets for h2 is trivial if you
> already understand :protocol".  It's not trivial.
> 
> This is why I asked the question.  Is a generic negotiation really the best
> idea here?

That's why I suggest that we very likely need something like ALPN to
negotiate the upper level protocols (and I think that those transported
over CONNECT are the same as those we may transport over TLS as in both
cases these are raw tunnels).

But probably that we ought to see this differently: we could imagine
that in order to establish a tunnel with CONNECT + :protocol, we ought
to send the 200 back only once established from end-to-end, and plan
to indicate in return whether or not the requested protocol could
successfully be established or not. After all, in HTTP/1.1 it was
recommended not to push the payload before seeing the 200, and it seems
to me that we in fact have everything available here to perform some
adjustments. It's just that instead of negotiating we ought to attempt
to connect and get prepared to fall back. In case of failure we could
imagine sending an optional list of supported protocols in a header
(even :protocol or something else). It can be slightly harder for some
components but much more reliable than asking on a connection for
end-to-end support that will ultimately fail because the whole chain
was not validated. 

With such a minor adjustment we could state that instead of asking for
a single protocol in ":protocol", we could pass a list of protocols
(or ALPN-compatible tokens?) and that in case of successful connection
the accepted protocol would be returned (":protocol as well?").

Just my two cents,
Willy

Received on Wednesday, 3 November 2021 03:54:47 UTC