Context Navigation

← Previous Change
Next Change →

Changeset 2490 for wg_materials/ietf88

Timestamp:

12/11/13 06:43:28 (9 years ago)

Author:

mnot@…

Message:

line-wrap minutes

File:

: 1 edited

wg_materials/ietf88/minutes.txt (modified) (28 diffs)

Legend:

: Unmodified
: Added
: Removed

wg_materials/ietf88/minutes.txt

-                      r2489
+                      r2490
 #### IETF LC summary
+Julian says, that the issues received were mostly editorial issues.  All those issues received were addressed.
+Julian  notes that editorial feedback from APPSDIR and SECDIR, plus IANA  feedback; no individual issues raised.  Unless new issues come up, we  are ready to move on in the process.
+Barry  notes that they did a short IETF LC, so that they would have comments  for the meeting.  The IESG will get plenty of time, to avoid hasty and  unfortunate reviews.  Mid-December telechat targeted. After that, RFCs!   And life will be good.
+Mark confirms for Barry that there are no document references which would cause an RFC editor blockage.
+Julian says, that the issues received were mostly editorial issues. All those
+issues received were addressed.
+Julian notes that editorial feedback from APPSDIR and SECDIR, plus IANA
+feedback; no individual issues raised. Unless new issues come up, we are ready
+to move on in the process.
+Barry notes that they did a short IETF LC, so that they would have comments for
+the meeting. The IESG will get plenty of time, to avoid hasty and unfortunate
+reviews. Mid-December telechat targeted. After that, RFCs! And life will be
+good.
+Mark confirms for Barry that there are no document references which would cause
+an RFC editor blockage.
 Mark also approved of Barry's bowtie
 …
 Julian recorded this as a design issue because this hadn't be considered.
+Roy is OK with MUST on the content-length, that's a framing issue.  p5 is different because it is an optional feature and if this fails, the thing breaks.
+Barry is concerned that even for an optional feature, this needs to be defined so that it can work.  He is also concerned about this turning into a security problem (integer overflow, etc...)
+Mark: describes a cached 206 and the potential consequences of overflow in that case.  Agreement that this might cause corruption.
+Roy is OK with MUST on the content-length, that's a framing issue. p5 is
+different because it is an optional feature and if this fails, the thing breaks.
+Barry is concerned that even for an optional feature, this needs to be defined
+so that it can work. He is also concerned about this turning into a security
+problem (integer overflow, etc...)
+Mark: describes a cached 206 and the potential consequences of overflow in that
+case. Agreement that this might cause corruption.
 Roy: OK with MUST
 …
 ##### #519 conneg + proactive and reactive
+Roy: Henry has studied the use of 300 and 406 status codes and found that they aren't used.  This doesn't mean that reactive conneg isn't used.  Roy thinks that Henry hasn't read and understood the argument, and is instead arguing from the TAG.  Roy doesn't see anything that he can fix.
+Mark: Henry may be suffering a misaprehenshion that reactive == 300, when that is made clear elsewhere in the spec.
+Roy: Henry has studied the use of 300 and 406 status codes and found that they
+aren't used. This doesn't mean that reactive conneg isn't used. Roy thinks that
+Henry hasn't read and understood the argument, and is instead arguing from the
+TAG. Roy doesn't see anything that he can fix.
+Mark: Henry may be suffering a misaprehenshion that reactive == 300, when that
+is made clear elsewhere in the spec.
 Conclusion: close, no fix.
 …
 ##### #432 cacheability of status codes
+^31 for max-age currently, why not 2^31-1.  Do we leave this as-is and have this special case (2^31 exactly), or do we reduce the limit, or do we leave the max off.
+^31 for max-age currently, why not 2^31-1. Do we leave this as-is and have
+this special case (2^31 exactly), or do we reduce the limit, or do we leave the
+max off.
 Barry suggests that once you explain it, you can do anything.
 Roy: this is so arbitrary.  We don't know why.
+Roy: this is so arbitrary. We don't know why.
 Stuart Cheshire: it's MAX_INT but probably a mistake
 …
 ##### On 2119 language
+Mark doesn't want to rathole on this, but notes that HTTP is using its own dialect and using it consistently.
+Julian notes that the fact that this is the issue that is raised most often, so the spec must be pretty good.
+Mark doesn't want to rathole on this, but notes that HTTP is using its own
+dialect and using it consistently.
+Julian notes that the fact that this is the issue that is raised most often, so
+the spec must be pretty good.
 ##### -25 drafts
+As soon as possible.  Then IESG comments.  Then maybe another iteration.  Plan is to reach the RSE in January.
+As soon as possible. Then IESG comments. Then maybe another iteration. Plan is
+to reach the RSE in January.
 ((what was the 2147483648 issue??))
+Issue #512, APPSIDR review
+There is a 2147483648 (2**31) maximum for the delta-second value. APPSDIR wondered why this wasn't 2**31 - 1. As this is a historical value (apparently for creating a kind of NaN value for integers), decision is to keep it (to prevent breaking existing implementation), but add a note about it.
+No, sorry, I missed that...Issue number?
+#### Issue #512, APPSIDR review
+There is a 2147483648 (2**31) maximum for the delta-second value. APPSDIR
+wondered why this wasn't 2**31 - 1. As this is a historical value (apparently
+for creating a kind of NaN value for integers), decision is to keep it (to
+prevent breaking existing implementation), but add a note about it.
 ### HTTP/2.x
 …
 #### Issue 1: Upgrade Mechanism
+Mark talks about Alt-Svc, Upgrade (https://tools.ietf.org/html/draft-nottingham-httpbis-alt-svc-00)
+Mike Bishop: whether we do this or not, it's not something for the spec.  Talks about Upgrade and the feature not well known where the server can advertise support for HTTP/2.0 (as well as responding to client requests to upgrade).
+Mark talks about Alt-Svc, Upgrade
+(https://tools.ietf.org/html/draft-nottingham-httpbis-alt-svc-00)
+Mike Bishop: whether we do this or not, it's not something for the spec. Talks
+about Upgrade and the feature not well known where the server can advertise
+support for HTTP/2.0 (as well as responding to client requests to upgrade).
 Mark got the impression that there were lots of corner cases with Upgrade.
+Mike: The performance problem is actually worse if you need to create a new connection.
+Mike: The performance problem is actually worse if you need to create a new
+connection.
 Mark: Caching the information avoids that problem.
 …
 Mike: That's possible in other cases.
+Stuart: Modular design requires separation.  Performance often requires that those barriers are broken.
+Mark: Breaking the strong tie between locator and server is desirable, particularly because the HTTP/2.0 connection could be long lived and parking connections long term can present a problem for servers who need to offload clients.
+Stuart: Modular design requires separation. Performance often requires that
+those barriers are broken.
+Mark: Breaking the strong tie between locator and server is desirable,
+particularly because the HTTP/2.0 connection could be long lived and parking
+connections long term can present a problem for servers who need to offload
+clients.
 Dan Druta: concerned about lack of transparency.
 …
 Will Chan: the client is able to choose
+Ted Hardie: there are a lot of potential corner cases here, and despite a desire to avoid corner cases, it might be that you haven't avoided those.  Maybe we can talk about alternative services that are delivered at the same host.  That makes a lot of the problems go away.  Separating same-host and different-host might reduce the complexity inherent in the solution.
+Ted Hardie: there are a lot of potential corner cases here, and despite a
+desire to avoid corner cases, it might be that you haven't avoided those. Maybe
+we can talk about alternative services that are delivered at the same host.
+That makes a lot of the problems go away. Separating same-host and
+different-host might reduce the complexity inherent in the solution.
 Mark: just a small thing, security considerations.
+Ted: distinction is important between certificate of www.example.com and certificate that is valid for www.example.com
+Mark: Still thinks that the connection characteristics will require that later thing.
+Ted: distinction is important between certificate of www.example.com and
+certificate that is valid for www.example.com
+Mark: Still thinks that the connection characteristics will require that later
+thing.
 Ted: HTTP/2.0 only, which might require new URI scheme
 …
 Mark: you had me up until you said "new URI scheme"
+Gabriel M: Agrees with Ted, the CDN issues are not specific to HTTP/2.0.  Concerned about putting risk on our current schedule.  For just the in-the-clear upgrade, this doesn't buy anything over the existing (i.e., Upgrade) solution in the draft.
+Gabriel M: Agrees with Ted, the CDN issues are not specific to HTTP/2.0.
+Concerned about putting risk on our current schedule. For just the in-the-clear
+upgrade, this doesn't buy anything over the existing (i.e., Upgrade) solution
+in the draft.
 Mark: issues with upgrade: blocking while upgrade goes
+Ted: two ports on the same host is not something that we worry about, it's the different host scenarios that cause concerns.
+Ted: two ports on the same host is not something that we worry about, it's the
+different host scenarios that cause concerns.
 Gabriel: Origin issues
+Gabriel: maybe this is another option for dealing with discovery of HTTP/2.0, so that you can avoid Upgrade
+Will: Channelling jpinner: this isn't in major deployments yet, but would like to restrict this to stuff that people use
+Will: maybe something more like ALternate-Protocol (no host shift) is interesting.
+Will + Patrick McManus: Chrome and Firefox aren't interested in HTTP/2.0 in the clear.
+Gabriel: maybe this is another option for dealing with discovery of HTTP/2.0,
+so that you can avoid Upgrade
+Will: Channelling jpinner: this isn't in major deployments yet, but would like
+to restrict this to stuff that people use
+Will: maybe something more like ALternate-Protocol (no host shift) is
+interesting.
+Will + Patrick McManus: Chrome and Firefox aren't interested in HTTP/2.0 in the
+clear.
 Rob Trace: Microsoft is interested in HTTP/2.0 in the clear.
+Mark: we're not ripping Upgrade, though we may if it turns out to be poorly implemented
+Mark: question is whether we want to bring alt-svc (or a reduced form) into the spec in order to gain experience with it
+Patrick: There are some problems in the draft; Patrick offers to help with the draft
+Patrick: There are a ton of corner cases in Upgrade.  Two objections are: it's not going to work, and it's not going to be secure.
+Eliot Lear: Questions relate to the caching of the response, in particularm when you start going HTTP/2.0 directly on some port, what happens when you move location.
+Mark: we're not ripping Upgrade, though we may if it turns out to be poorly
+implemented
+Mark: question is whether we want to bring alt-svc (or a reduced form) into the
+spec in order to gain experience with it
+Patrick: There are some problems in the draft; Patrick offers to help with the
+draft
+Patrick: There are a ton of corner cases in Upgrade. Two objections are: it's
+not going to work, and it's not going to be secure.
+Eliot Lear: Questions relate to the caching of the response, in particularm
+when you start going HTTP/2.0 directly on some port, what happens when you move
+location.
 Mark: if you detect a network change, then clear your cache
+Julian: Theory on why clients do not implement Upgrade: on other clients it requires writing both HTTP/1.1 and HTTP/2.0 both, which for testing clients is a big burden.
+Roberto: this affects both HTTP specs, and it makes the most sense as a standalone.  Maybe you want to downgrade from HTTP/2.0 to HTTP/1.1
+Julian: Theory on why clients do not implement Upgrade: on other clients it
+requires writing both HTTP/1.1 and HTTP/2.0 both, which for testing clients is
+a big burden.
+Roberto: this affects both HTTP specs, and it makes the most sense as a
+standalone. Maybe you want to downgrade from HTTP/2.0 to HTTP/1.1
 Mark: preparing for an adoption hum
 …
 Ted: maybe revise before continuing,
+Mark: proposes that he and Patrick revise the doc based on the discussion and the editors will add a reference to the spec for that.
+Mark: call for input from implementers to determine if it is implementable and addresses the issues
+Mark: proposes that he and Patrick revise the doc based on the discussion and
+the editors will add a reference to the spec for that.
+Mark: call for input from implementers to determine if it is implementable and
+addresses the issues
 #### Issue 270: Priority Levelling
 Talked about this lots.  Might have to delay this one.
+Talked about this lots. Might have to delay this one.
 Martin: propose that we move this faster
+Will: wanted to collect data that provides justification for the complexity; unable to do this because SPDY/4 is vapourware
+Will: wanted to collect data that provides justification for the complexity;
+unable to do this because SPDY/4 is vapourware
 Mark: we need to get this soon, maybe we ship without a fix
 …
 Martin: Issues around negotiation of extensions
+Roberto: we want to be able to experiment, but we don't know about what those experiments might look like
+Roberto: we want to be able to experiment, but we don't know about what those
+experiments might look like
 #### Issue 292: Cookie Crumbing
 …
 Mark: cookies were always special fro the outset, but we never documented it
+Mark: some people didn't want to do this, but he wasn't convinced by those arguments
+Mark: some people didn't want to do this, but he wasn't convinced by those
+arguments
 Roberto: doesn't like NULL being treated specially
 …
 Martin: we can require that intermediaries preserve order
+Roberto: it's easy, you decompress, then compress, but ensure that you compress in order
+Roberto: it's easy, you decompress, then compress, but ensure that you compress
+in order
 Julian: why?
 …
 Mark: nulls are being used to concatenate headers into a single header
+Roberto: nulls were one way to preserve order, double toggle ensures that you can always control the order that headers are emitted by the decompressor
+Roberto: nulls were one way to preserve order, double toggle ensures that you
+can always control the order that headers are emitted by the decompressor
 Roberto: if we do nulls, that shouldn't be a compressor problem
 …
 Mark: AD?
+Barry: are you assuming that cookies will be used the same way in HTTP/2.0 as one [yes, transition]
+Barry: are you assuming that cookies will be used the same way in HTTP/2.0 as
+one [yes, transition]
 Mark: maybe we should have a chat with Adam Barth
 …
 Mark: why does this need to be negotiated?
 ROberto: negotiation saves you from complexity
+Roberto: negotiation saves you from complexity
 Martin: plunge the knife in and we can see if the patient squeals too loudly
 …
 #### Issue 216: Alternate Reference Sets
+Herve':
+Roberto: simple and better than the original proposal and it seems to accomplish the goal
+Herve':
+Roberto: simple and better than the original proposal and it seems to
+accomplish the goal
 Mark: let's do it
 ## Tuesday Session
 …
 EKR: You can't change the cert and ALPN codepoints, but you can resume.
+Michael Tuexun: Is there a reason you don't provide this for a general mechanism?
+Michael Tuexun: Is there a reason you don't provide this for a general
+mechanism?
 SF: You need to register the name.
 …
 SF: We did it because the port number is not reasonable to have different
+Roberto Peon: This is there to negotiate the protocol, of anything else would be very strange.
+Mike Bishop: There is another extension that can be used for passing arbitrary application data, but I cannot recall the RFC number
+Roberto Peon: This is there to negotiate the protocol, of anything else would
+be very strange.
+Mike Bishop: There is another extension that can be used for passing arbitrary
+application data, but I cannot recall the RFC number
 (RFC 4680)
+Sean Turner: If we're going to make it expert review, should it be only security or only apps or some combination?
+Yoav Nir: Expert review should be in security because it can be used for other protocols.
+Sean Turner: If we're going to make it expert review, should it be only
+security or only apps or some combination?
+Yoav Nir: Expert review should be in security because it can be used for other
+protocols.
 Eliot Lear: When my mother offered chocolate or vanilla, I always took both.
+Mark Nottingham: I was concerned about how registration works, but I think we're ok there now.
+Mark Nottingham: I was concerned about how registration works, but I think
+we're ok there now.
 ### HPACK review [Roberto Peon]
+Actions by the Security folk to review and analyze.  Mark and Stephen to discuss how to get adequate review, now that the documents have settled down.
+EKR: Is it correct that the attack is effectively a brute force attack if you can't guess the secret.  Are you saying that is weaker now?
+Actions by the Security folk to review and analyze. Mark and Stephen to discuss
+how to get adequate review, now that the documents have settled down.
+EKR: Is it correct that the attack is effectively a brute force attack if you
+can't guess the secret. Are you saying that is weaker now?
 Roberto Peon: I'm saying that was weaker when you are using a stream compressor.
 …
 Stephen Farrel: Do we know someone good at analyzing it?
+RP: There are a few people have looked into it.  It was not about HPACK, but on the general use of Huffman.
+RP: There are a few people have looked into it. It was not about HPACK, but on
+the general use of Huffman.
 Stephen Farrell: What is the timeframe that an analysis is useful?
 …
 RP: It's always easy to compress nothing.
+NM: For the WG, we wanted to finish this up by next year, and we're on track.  We are getting implementation experience.  If we get this done by middle of next year, and it explodes, then we'll have problems.  But this is something we can get fixed with HTTP/2.1 or its successor.  This protocol needs to be easier to version.
+NM: For the WG, we wanted to finish this up by next year, and we're on track.
+We are getting implementation experience. If we get this done by middle of next
+year, and it explodes, then we'll have problems. But this is something we can
+get fixed with HTTP/2.1 or its successor. This protocol needs to be easier to
+version.
 Stephen Farrel: So we really want analysis within the next six months.
+Yoav Nir: This table needs to be in both the client and server, and needs to be rather large.  It's possible that the table might not be optimal in the future.
+RP: We could just go with plaintext encoding, or we use another table or version the protocol.  We know that it's possible to transmit a new table, but we're not sure it's really worhtwhile right now.
+EKR: On the threat model, most of the chosen plaintext attacks have exploited some functionality of protocol to repeated induce response.  As you suggest, cookies could use arbitrary entropy.  What we need to be observant about is other forms of data that are lower entropy that you can get clients to send repeatedly, like credit cards, passwords, and PINs.
+RP:  I agree the smaller the thing the easier it is.  If I have to guess a PIN, then I think their security model is already broken.
+Yoav Nir: This table needs to be in both the client and server, and needs to be
+rather large. It's possible that the table might not be optimal in the future.
+RP: We could just go with plaintext encoding, or we use another table or
+version the protocol. We know that it's possible to transmit a new table, but
+we're not sure it's really worhtwhile right now.
+EKR: On the threat model, most of the chosen plaintext attacks have exploited
+some functionality of protocol to repeated induce response. As you suggest,
+cookies could use arbitrary entropy. What we need to be observant about is
+other forms of data that are lower entropy that you can get clients to send
+repeatedly, like credit cards, passwords, and PINs.
+RP: I agree the smaller the thing the easier it is. If I have to guess a PIN,
+then I think their security model is already broken.
 EKR: We are changing the security model somewhat.
 …
 NM: I think it's worth explain our proposal on cookie crumbs.
+RP: We're looking at breaking cookies, but it's not clear this is making things easier or harder.  If the encoder is naive and puts a small secret on its own, then you've reduced the total secrecy.
+Jim Rosekind: IFirst interesting to note that the uncompressed case calls for the client to ask repeatedly, and some servers will get pissed off about that.
+JR: Second thought is about using the static table. If the result took a data set, and you run this numerous times and analyse the space you actually need to explore.
+RP: That was something the paper I talked about earlier, one could pare down the state space based on the bits on the wire.  It was a very small reduction -- it was still exponential.
+RP: We're looking at breaking cookies, but it's not clear this is making things
+easier or harder. If the encoder is naive and puts a small secret on its own,
+then you've reduced the total secrecy.
+Jim Rosekind: IFirst interesting to note that the uncompressed case calls for
+the client to ask repeatedly, and some servers will get pissed off about that.
+JR: Second thought is about using the static table. If the result took a data
+set, and you run this numerous times and analyse the space you actually need to
+explore.
+RP: That was something the paper I talked about earlier, one could pare down
+the state space based on the bits on the wire. It was a very small reduction --
+it was still exponential.
 Stephen Farrel:  I'm wondering if the headers would be impacted by this.
+RP: One of the things about having a compressor like this is people might use larger secrets, because the cost is less.
+Paul Hoffman: I think you'll need to solicit for those reviews outside of just security.
+RP: One of the things about having a compressor like this is people might use
+larger secrets, because the cost is less.
+Paul Hoffman: I think you'll need to solicit for those reviews outside of just
+security.
 Stephen Farrel: Between us we should try to find some way of getting review.
+Lucy Lynch:  There are a lot of people around that have experience in this, but not exactly in the same problem space.
+Jim Rosekind: when you look at this pseudo random cookies that actually use a pattern.  Using a greater amount of entropy can reduce the benefit from huffman encoding.
+RP: With all due respect, you're wrong (-:  This is generally base64 encoding, so it's already reduced.
+JR: You're right that is using a reduced input set, but the tables might not favor some of the inputs.
+Lucy Lynch: There are a lot of people around that have experience in this, but
+not exactly in the same problem space.
+Jim Rosekind: when you look at this pseudo random cookies that actually use a
+pattern. Using a greater amount of entropy can reduce the benefit from huffman
+encoding.
+RP: With all due respect, you're wrong (-: This is generally base64 encoding,
+so it's already reduced.
+JR: You're right that is using a reduced input set, but the tables might not
+favor some of the inputs.
 YN: I thought one of the goals is to change to use binary encodings.
 …
 RP: We can't quite do that because of interop problems with 1.1
+RP: Right now, the Huffman tables are different for requests and responses.  The differences are noticable, and we've have talked about using a third table for cookies, but we haven't seen a good benefit there.  We haven't actually seen the compressiong being larger so far.
+JR: It is much more plausible if you're using ASCII characters in unif ways, but once you bring in the english language it gets easier.
+RP: I agree but we haven't tried that yet for complexity reasons.  We haven't made an issue for that yet.
+Martin Thomson: There's plenty of places that such things show up, not just cookies.
+RP: Right now, the Huffman tables are different for requests and responses. The
+differences are noticable, and we've have talked about using a third table for
+cookies, but we haven't seen a good benefit there. We haven't actually seen the
+compressiong being larger so far.
+JR: It is much more plausible if you're using ASCII characters in unif ways,
+but once you bring in the english language it gets easier.
+RP: I agree but we haven't tried that yet for complexity reasons. We haven't
+made an issue for that yet.
+Martin Thomson: There's plenty of places that such things show up, not just
+cookies.
 RP: Part of the problem for attackers is you don't know where the secret is.
 …
 ### Encryption and HTTP/2 + Opportunistic Encryption
  Mark Nottingham presenting
 ** NOTE: slides are _NOT_ on the materials page**
+Ted Hardie: One of the big questiosn from yesterday was why would anyone want an HTTP/2 connection that was plaintext.  If we can go from two states to two by eliminating the cleartext then we're in a better place.
+Ted Hardie: One of the big questiosn from yesterday was why would anyone want
+an HTTP/2 connection that was plaintext. If we can go from two states to two by
+eliminating the cleartext then we're in a better place.
 #### Alternate Proposal for Discovery
 …
 Paul Hoffman presenting
+Use DNS to determine if the server for http: likely has a TLS equivalent, instead of using HTTP headers.  The two are not necssarily orthogonal.  This is a mechanism difference, not a conceptual difference.
+Phil Haram-Baker: In my proposal, you can find the information in DNS because that's what DNS is for.  The guidance could be used for multiple services.
+MN: And that's why we described this in two separate layers.  One is what to do, the other is how to figure out if you can.
+RP: We experimented with something like this a long time ago, and I'm not interested in hearing about the mechanisms, but I'm much more interested in knowing if this increases our overal security.  I'm not sure this actually increases the aggregate security.  This third level might actually decrease security because it confuses users.  It might make people thing that opportunistic encryption is good enough when it actually isn't.  I used to think this was a good idea.
+William Chan: I talked to various people on the Chrome team, and there some concerned about the relaxed mode.  We're more interested in doing authentication always, even for HTTP:  I am quite excited for encryptiong HTTP URIs.
+NM: I would love to have the authentication.  If we can good get good deployment, then it's great.  From a se
+EL: Concerned this introduces a new form of MitM.  If yu have this header, that now says you can use relaxed, a MITM can insert the header or replace a 301 with a header, and the server thinks it has an encrypted tab but is really sending data through the MITM.
+EL: Why would the attacker not just proxy HTTP, and I'm just saying this is another avenue.  I'm also not sure we understand the consequences of adding a new primative about saying "don't bother to verify the certificate" and confusion about unathenticated encryption versus authenticated encryption.
+Salvatore ??: I am worried we are putting to many things together, and changing things on the fly.  It might be too much to manage.
+NM: I think this is been kind of implicit in everything we do, because we might be switching to a new connection protocol.
+YN: I think there is value protecting against passive attacks.  Active attacks are 10x more expensive.  I don't see much point in having authentication for HTTP because we have HTTPS.  Having encryptiong wihtout encryption has some value, as long as user-agents don't say you've got protection.
+Larry Masinter: I was thinking about cases where encryption might introduce excessive overhead, and one is delivery of video.  There is value in encrypting the headers, though.
+MN: This is a negotiation -- the client can request it, and the server can offer it.
+RP: It is incorrect to say there is not benefit to encrypting video.  It is useful for the content provider and for the distributer.
+Tim Bray: I tell most people to just use TLS.  For you information, the arguments against encryption are becoming less and less convincing.  I think we should keep pushing the rock uphill because we're starting to win.
+MN: One of the conclusions we have is whether server authentication needs to be lumped in.  Does that mean we push everyone to just use HTTPS, or is there still benefit to HTTP.
+Rohan Mahy: A lot of concerns are about what the user experience.  To me it's clear -- if you are doing HTTPS, then here's the list of things to get the green locked icon.  if it's HTTP, then there's no immediate indication.  You just do it, and not tell enybody about it in the default case.
+Use DNS to determine if the server for http: likely has a TLS equivalent,
+instead of using HTTP headers. The two are not necssarily orthogonal. This is a
+mechanism difference, not a conceptual difference.
+Phil Haram-Baker: In my proposal, you can find the information in DNS because
+that's what DNS is for. The guidance could be used for multiple services.
+MN: And that's why we described this in two separate layers. One is what to do,
+the other is how to figure out if you can.
+RP: We experimented with something like this a long time ago, and I'm not
+interested in hearing about the mechanisms, but I'm much more interested in
+knowing if this increases our overal security. I'm not sure this actually
+increases the aggregate security. This third level might actually decrease
+security because it confuses users. It might make people thing that
+opportunistic encryption is good enough when it actually isn't. I used to think
+this was a good idea.
+William Chan: I talked to various people on the Chrome team, and there some
+concerned about the relaxed mode. We're more interested in doing authentication
+always, even for HTTP: I am quite excited for encryptiong HTTP URIs.
+NM: I would love to have the authentication. If we can good get good
+deployment, then it's great. From a se
+EL: Concerned this introduces a new form of MitM. If yu have this header, that
+now says you can use relaxed, a MITM can insert the header or replace a 301
+with a header, and the server thinks it has an encrypted tab but is really
+sending data through the MITM.
+EL: Why would the attacker not just proxy HTTP, and I'm just saying this is
+another avenue. I'm also not sure we understand the consequences of adding a
+new primative about saying "don't bother to verify the certificate" and
+confusion about unathenticated encryption versus authenticated encryption.
+Salvatore ??: I am worried we are putting to many things together, and changing
+things on the fly. It might be too much to manage.
+NM: I think this is been kind of implicit in everything we do, because we might
+be switching to a new connection protocol.
+YN: I think there is value protecting against passive attacks. Active attacks
+are 10x more expensive. I don't see much point in having authentication for
+HTTP because we have HTTPS. Having encryptiong wihtout encryption has some
+value, as long as user-agents don't say you've got protection.
+Larry Masinter: I was thinking about cases where encryption might introduce
+excessive overhead, and one is delivery of video. There is value in encrypting
+the headers, though.
+MN: This is a negotiation -- the client can request it, and the server can
+offer it.
+RP: It is incorrect to say there is not benefit to encrypting video. It is
+useful for the content provider and for the distributer.
+Tim Bray: I tell most people to just use TLS. For you information, the
+arguments against encryption are becoming less and less convincing. I think we
+should keep pushing the rock uphill because we're starting to win.
+MN: One of the conclusions we have is whether server authentication needs to be
+lumped in. Does that mean we push everyone to just use HTTPS, or is there still
+benefit to HTTP.
+Rohan Mahy: A lot of concerns are about what the user experience. To me it's
+clear -- if you are doing HTTPS, then here's the list of things to get the
+green locked icon. if it's HTTP, then there's no immediate indication. You just
+do it, and not tell enybody about it in the default case.
 NM: By the way, that's what's in the draft.
 …
 Alissa Cooper: We should think of this as a gift to users (-:
+Ted Hardie: I like the idea of not giving the browesr a signal of opportunisitc encryption.  But users are not the only side in this.  There are classes of software that might provide a false sense of security.  We can get a benefit, but it might cost us some authenticated encryption, and that is a serious problem.  I think we should just do HTTP/2.o is always authenticated encryption.  If we can't get to server authentication always, then make it hard or hidden to do opportunistic.
+Brian Dixon: From the perspective of opportunistic, it should be acceptable to use self-signed, but still require authentication.  This might lower the bar, but this might still be of benefit.
+Patrick McMannus: People don't always have all the information about what the protection there is if we rely on HTTPS only, so having encryption always is a good thing.  I think it's better to require authenticated, since we really just get one chance.  But if all we can really do is HTTP-relaxed, then it's still moving the bar forward.
+??: Most browsrs give you a place to enter certain configuration options on a per-host basis.  While I don't think we should expose this to users, but I think there is benefit.
+Johan ??: I'm a little skeptical of doing encryption at this level.  Especialy as it plays with DNS.
+Richard Barnes: Unauthenticated encryption is the new plaintext.  This means that the worst case is that you are protected from passive attacks.  We should shoot for authenticated encryption.  If our goal is to increase the number of places that authentication and integrity protection is increased, I'm not sure these goals get us there.  If we require authentication, it means people need to get the proper credentials at scale, but we're not there right now.
+Christian Huitema: I am skeptical about the amount of protection you really get.  I am concerned about the case where we first send the request in cleartext, with all of the potential traffic analisys information exposed, is not providing any benefit.  We should think about the security considerations about this, and maybe have other ways of determining this information, or require another trip in order.
+NM: We did talk about this in Seattle, and if people are going to do this for security purposes, then you would block this data.  Such as sending a very minimal amount of infomration in an exloratory request or use DNS.
+RP:  I want to point out why people don't deploy HTTPS.  It's not because of the cost of getting certs, but because HTTPS is significantly slower.  People doing commerce are very interested in performance, and are unlikely to deploy unless HTTP2/ with TLS is as fast or faster. Our experimentation at Google has shown that HTTPS is as fast or faster for a large number of cases.
+Ted Hardie: I like the idea of not giving the browesr a signal of opportunisitc
+encryption. But users are not the only side in this. There are classes of
+software that might provide a false sense of security. We can get a benefit,
+but it might cost us some authenticated encryption, and that is a serious
+problem. I think we should just do HTTP/2.o is always authenticated encryption.
+If we can't get to server authentication always, then make it hard or hidden to
+do opportunistic.
+Brian Dixon: From the perspective of opportunistic, it should be acceptable to
+use self-signed, but still require authentication. This might lower the bar,
+but this might still be of benefit.
+Patrick McMannus: People don't always have all the information about what the
+protection there is if we rely on HTTPS only, so having encryption always is a
+good thing. I think it's better to require authenticated, since we really just
+get one chance. But if all we can really do is HTTP-relaxed, then it's still
+moving the bar forward.
+??: Most browsrs give you a place to enter certain configuration options on a
+per-host basis. While I don't think we should expose this to users, but I think
+there is benefit.
+Johan ??: I'm a little skeptical of doing encryption at this level. Especialy
+as it plays with DNS.
+Richard Barnes: Unauthenticated encryption is the new plaintext. This means
+that the worst case is that you are protected from passive attacks. We should
+shoot for authenticated encryption. If our goal is to increase the number of
+places that authentication and integrity protection is increased, I'm not sure
+these goals get us there. If we require authentication, it means people need to
+get the proper credentials at scale, but we're not there right now.
+Christian Huitema: I am skeptical about the amount of protection you really
+get. I am concerned about the case where we first send the request in
+cleartext, with all of the potential traffic analisys information exposed, is
+not providing any benefit. We should think about the security considerations
+about this, and maybe have other ways of determining this information, or
+require another trip in order.
+NM: We did talk about this in Seattle, and if people are going to do this for
+security purposes, then you would block this data. Such as sending a very
+minimal amount of infomration in an exloratory request or use DNS.
+RP: I want to point out why people don't deploy HTTPS. It's not because of the
+cost of getting certs, but because HTTPS is significantly slower. People doing
+commerce are very interested in performance, and are unlikely to deploy unless
+HTTP2/ with TLS is as fast or faster. Our experimentation at Google has shown
+that HTTPS is as fast or faster for a large number of cases.
 RP: < note taker missed it >
+Stephen Friedl: I agree with Roberto.  I don't trust locks on my browsers, and heaven forbid I explain to laymen.  The only way to do this is HTTPS (with authentication) only.  No more HTTP.  And we should be rigorous about it.  I am in the camp to push everything to HTTPS except for the small set of cases where it doesn't make sense.  For ALPN, we should be more formal of how to register the types.
+Rob Trace: I would like to have a secure web, but there is a long list of corner cases where it's applicable to have HTTP plaintext.  It's hard to claim this is a security feature, since you still have to treat the content in and out as insecure.
+Stephen Friedl: I agree with Roberto. I don't trust locks on my browsers, and
+heaven forbid I explain to laymen. The only way to do this is HTTPS (with
+authentication) only. No more HTTP. And we should be rigorous about it. I am in
+the camp to push everything to HTTPS except for the small set of cases where it
+doesn't make sense. For ALPN, we should be more formal of how to register the
+types.
+Rob Trace: I would like to have a secure web, but there is a long list of
+corner cases where it's applicable to have HTTP plaintext. It's hard to claim
+this is a security feature, since you still have to treat the content in and
+out as insecure.
 EKR: Is HTTP/2-over-TLS only still on the table?
 …
 MN: It appears that the position of HTTP/2. over only TLS is too extreme.
+EKR: Doing nothing is stupid.  What I think we're arguing about is whether having the relaxed version lowers the bar too much.  I think determining how many would do the right thing, or at least do opportunistic is tricky and we don't know.  I think opportunistic TLS is worth doing.
+MN: People have expressed concern about confusing people about the security state, and I don't think that will be the case.  Server admins will open a browser and look for the indicators.  If there are none, then they don't think they have any protection.  As for commernce, I'm not sure that's an important thing anymore.  What's important is what happens out-of-the-box.  If any encryption requires doing more than installing the software then people won't be doing it most times.
+EL:  One of the thigns I was thinking about was to do the discovery inline instead of a referall mechanisms.  I think having all the security and HTTP people helps informs the discussion for perpass.  A few people made some economic assertions,  these are  interesting questions for researchers to look into.  Also, the IRTF meeting is discussing how to get researchers and those willing to pay for it together.
+PHB: The original goal for HTTPS was to have the same level of trust for people buying things online as buying things in a store.  So not turning on the lock if you haven't authenticated is good.  Deploying opportunistic TLS increases the work attacks have to do which is good.  But for the other attacks, where someone could downgrade someone from HTTP/2 to HTTP/1.1.  Do you really want to re-encrypt YouTube vidoes each time?
+EKR: Doing nothing is stupid. What I think we're arguing about is whether
+having the relaxed version lowers the bar too much. I think determining how
+many would do the right thing, or at least do opportunistic is tricky and we
+don't know. I think opportunistic TLS is worth doing.
+MN: People have expressed concern about confusing people about the security
+state, and I don't think that will be the case. Server admins will open a
+browser and look for the indicators. If there are none, then they don't think
+they have any protection. As for commernce, I'm not sure that's an important
+thing anymore. What's important is what happens out-of-the-box. If any
+encryption requires doing more than installing the software then people won't
+be doing it most times.
+EL: One of the thigns I was thinking about was to do the discovery inline
+instead of a referall mechanisms. I think having all the security and HTTP
+people helps informs the discussion for perpass. A few people made some
+economic assertions, these are interesting questions for researchers to look
+into. Also, the IRTF meeting is discussing how to get researchers and those
+willing to pay for it together.
+PHB: The original goal for HTTPS was to have the same level of trust for people
+buying things online as buying things in a store. So not turning on the lock if
+you haven't authenticated is good. Deploying opportunistic TLS increases the
+work attacks have to do which is good. But for the other attacks, where someone
+could downgrade someone from HTTP/2 to HTTP/1.1. Do you really want to
+re-encrypt YouTube vidoes each time?
 AUDIENCE: YES
+PHB: Once you get past that, you are really talking about doing strong crypto or crappy crypto.  You could probably collapse the work factors to one or two choices.
+Keith Moore: The decision this WG is making has a long term effect.  I think we need to look beyond the current threat or the past threats.  Right now active attacks are harder than passive attacks.  But if a passive attack is feasible, then an active attack is also feasible.  I'm not sure there's a benefit to do opportunistic because you can be downgraded, unless you can absolutely prevent it.
+TH: What Keith said, but also this is an estimation problem (as EKR pointed out).  We are taking the current state and adding opportunistic encryption, which prevents FireSheep.  Does adding opportunistic reduce the number of times people get good certs?
+PHB: Once you get past that, you are really talking about doing strong crypto
+or crappy crypto. You could probably collapse the work factors to one or two
+choices.
+Keith Moore: The decision this WG is making has a long term effect. I think we
+need to look beyond the current threat or the past threats. Right now active
+attacks are harder than passive attacks. But if a passive attack is feasible,
+then an active attack is also feasible. I'm not sure there's a benefit to do
+opportunistic because you can be downgraded, unless you can absolutely prevent
+it.
+TH: What Keith said, but also this is an estimation problem (as EKR pointed
+out). We are taking the current state and adding opportunistic encryption,
+which prevents FireSheep. Does adding opportunistic reduce the number of times
+people get good certs?
 EKR: If we provide the unauth mechanism, [EKR line noise]
+TH: If we ask "should HTTP/2.0 be TLS-only?" we might come to a different conclusion.
+RP: My definition of commerce might be very different of yours.  Pintrest doesn't actually sell anything, but they still add value.  Commerce doesn't always mean adding things to a cart and checking out.  Pintrest doesn't have a competitor right now, but latency matters.  Second, it is far easier to add authentication later than to remove unauthentication later.  If we weaken it by adding this third thing it will be hard to fix.
+??: Trying to protect against just the passive attack is silly.  One thing is very clear is that if I have a HTTP URI, I want to try to use it in a secure way.  If I use it in a secure way, I want to really be secure.
+MN: If we did do opportunistic, do you want to see mitigation of downgrade attack. [Yes]
+Stephen Farrel: I think there's value in trying to mitigate the passive attack, so I think the do nothing option is really stupid.  Trying to insist on HTTPS everywhere is not feasible or scalable.  I think the third option is the right approach.
+TH: If we ask "should HTTP/2.0 be TLS-only?" we might come to a different
+conclusion.
+RP: My definition of commerce might be very different of yours. Pintrest
+doesn't actually sell anything, but they still add value. Commerce doesn't
+always mean adding things to a cart and checking out. Pintrest doesn't have a
+competitor right now, but latency matters. Second, it is far easier to add
+authentication later than to remove unauthentication later. If we weaken it by
+adding this third thing it will be hard to fix.
+??: Trying to protect against just the passive attack is silly. One thing is
+very clear is that if I have a HTTP URI, I want to try to use it in a secure
+way. If I use it in a secure way, I want to really be secure.
+MN: If we did do opportunistic, do you want to see mitigation of downgrade
+attack. [Yes]
+Stephen Farrel: I think there's value in trying to mitigate the passive attack,
+so I think the do nothing option is really stupid. Trying to insist on HTTPS
+everywhere is not feasible or scalable. I think the third option is the right
+approach.
 MN: I think we have an opportunity to improve performance with HTTP/2
+Will Chan: One barrier I've heard is about mixed content.  Even though I'm a big fan of telling people to just use HTTPS, but I need third-party ads and what do I do?  While I want to got HTTPS only, I think there's still a lot of benefit because it reduces the barrier of entry.
+EKR:  I think you should consider option 0, and you consider TLS for HTTP/2 always.  I think we should do something, and having some option for the server to indicate it only wants to do the authenticated mode.  Is it ok to have mixed content?  We need to consider the policies that are involved in these cases.
+PHB: I think a lot of the argument is over a choice that doesn't exist.  One is whether you have authenticated cert or not, since the IETF doesn't strongly define what authenticated really means.  The only choice that can be made is whether the client can be allowed to turn off its root criteria.
+Roy Fielding: I don't think you can require HTTP/2 to be encrypted always, given all the places that HTTP servers are deployed.  I could get behind that if you use HTTP you use a secure transport protocol, ether it's TLS or SSH or something.  I don't think it's a technical argument, but there is a social argument that you can and probably should make.
+Will Chan: One barrier I've heard is about mixed content. Even though I'm a big
+fan of telling people to just use HTTPS, but I need third-party ads and what do
+I do? While I want to got HTTPS only, I think there's still a lot of benefit
+because it reduces the barrier of entry.
+EKR: I think you should consider option 0, and you consider TLS for HTTP/2
+always. I think we should do something, and having some option for the server
+to indicate it only wants to do the authenticated mode. Is it ok to have mixed
+content? We need to consider the policies that are involved in these cases.
+PHB: I think a lot of the argument is over a choice that doesn't exist. One is
+whether you have authenticated cert or not, since the IETF doesn't strongly
+define what authenticated really means. The only choice that can be made is
+whether the client can be allowed to turn off its root criteria.
+Roy Fielding: I don't think you can require HTTP/2 to be encrypted always,
+given all the places that HTTP servers are deployed. I could get behind that if
+you use HTTP you use a secure transport protocol, ether it's TLS or SSH or
+something. I don't think it's a technical argument, but there is a social
+argument that you can and probably should make.
 #### What does the WG Want?
+Mark Bishop: Just want to be clear, that for 2 and 3 that there's an option to go better, but no requirement.
+LM: One considerations is if users would be presented with information about those connections. Which of these include those dialogs/information?  And what is the performance impact?
+Mark Bishop: Just want to be clear, that for 2 and 3 that there's an option to
+go better, but no requirement.
+LM: One considerations is if users would be presented with information about
+those connections. Which of these include those dialogs/information? And what
+is the performance impact?
 Dixon: To clarify server auth, it should include both CA-based and DANE-based.
+Rohan Mahy: I don't know what #3 means with the word somehow, especially in a technical context.
+Gabriel Montenago: Remember what the desired final state is to increase the use of valid TLS.  Where is that in these choices?  I think plaintext has an important place in the world.
+Rohan Mahy: I don't know what #3 means with the word somehow, especially in a
+technical context.
+Gabriel Montenago: Remember what the desired final state is to increase the use
+of valid TLS. Where is that in these choices? I think plaintext has an
+important place in the world.
 Barry Leiba: You should be looking for who cannot live with some of these.
 ) Don't know (yet)
+) Don't know (yet)
 [strong humms for can't live with]
 …
 [strong humms for can't live with]
+) Opportunistic encryption w/o server authentication for HTTP URIs - just for passive attacks
+) Opportunistic encryption w/o server authentication for HTTP URIs - just for
+passive attacks
 [ less strong for can't live with ]
+) Opportunistic encryption with server authentication AND downgrade protection (somehow) for HTTP URIs; no requirement upon HTTP/2.0 when not available
+[ weakest  for can't live with ]
+) Opportunistic encryption with server authentication AND downgrade protection
+(somehow) for HTTP URIs; no requirement upon HTTP/2.0 when not available
+[ weakest for can't live with ]
 ) Requre secure underlying protocol for HTTP/2.0 (at least in web browsing)

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 2490 for wg_materials/ietf88

Legend:

wg_materials/ietf88/minutes.txt

Download in other formats: