Internet Engineering Task Force 102, 17 Jul 2018

Previous Meeting Next Meeting

⏯

youtube image

►

From YouTube: IETF102-HTTPBIS-20180717-1550

Description

HTTPBIS meeting session at IETF102
2018/07/17 1550

https://datatracker.ietf.org/meeting/102/proceedings/

A

No, so it's 350 is so we're gonna start pretty soon. We've got a very full agenda and I'm making loud starting noises to the people in the hall can hear that and think about coming in I know Dewey.

B

A

B

That's a good move. Actually that'll that'll make him nervous, we're looking for a minute taker minute, a taker Paul.

A

Hoffman you're an upstanding citizen in the ITF, then you'll write very clear minutes because you'll force us to clarify ourselves. I think thank you.

B

A

Are a friend your gentlemen.

B

All right welcome to session one of a cheap abyss of two sessions we've done this week. This is the note. Well is Tuesday afternoon. You've probably noted well by now. These are the terms that govern your participation, I PR wise in the IETF. If you do not understand them, what your chairs and your 80s are more.

C

B

Have a conversation to help you understand, so we have a scribe. Thank you. I've got two sets of blue sheets. That mark will distribute around the room and we will open the agenda for for boshane.

B

My understanding that someone would like to reorder two of the presentations and, if that's probably something we can accommodate, but this is agenda for today, we're going to start by going through each of our active drafts that the working group has adopted, that isn't at least off to the ISG and then we'll talk about some proposed work, and we have a couple informational presentations after that. Regarding how push which was part of these Chiefs to 7540, standardization is playing in the real world. Would anyone like to make any changes to the agenda? Yeah.

D

Chris would you're right if we swap the key Lehman s and I held service drafts that the second one happens to conflict with the start of CFR G, which is rather unfortunate and I would like to attend bolt. So.

B

It took me with the presenters, and everyone here is that okay yeah sorry I double-check this with the authors and the presenters and they're all cool with that for both drafts. But does anyone else have an objection, see no objection, that's what we'll do well.

E

Thank you, I was wondering if we could move also CDN loop, I'm also conflicted with CFR G, so put helium as the third for the proposed work. If that's all right.

B

Are there any objections to that? That's also fine by me. I think we're all here. So.

F

I think the constraints were working with here is that we don't have a current until three o'clock. We have.

G

A five whatever point.

F

Five o'clock whatever, and then we have people who disappearing shortly thereafter is this a double session? Is there? Is that what's going on this I, don't know the answer to that.

B

F

Think they might be another.

B

Session somewhere else, this thing's split in two okay, there's some overlap. So, let's just let's keep wets, do all services and I, then helium, then CD and loop as the as plan of record for now, but it's possible we'll be able to move through some of the active extensions like like quite quickly. Some of them have very short reports to go on so I suggest we get started on that and see how we're doing right all right. It's not good. Okay,.

A

B

That's the first time someone bashed in agenda I was very excited and now I kind of live in fear. You.

A

Understand punky yeah.

B

All right so we're gonna start with uh variance get your slides up here, for you.

A

Okay, so the first draft is HSV representation variants. Draft IETF HP is variants we adopted this was it two meetings ago. It's one.

H

A

Yeah something like that and it's been coming along pretty well next slide. um I think it feels like it's getting close to done, or at least ready for some sort of feedback, slash implementation, loop and I. Think that's the big question in front of this draft is you know we have I've been talking to folks. We have some in our interest. We don't have any actual implementation yet, and so the question at hand is: do we want to go ahead and publish this?

A

You know once we resolve our issues and we go through a review process which is not we're not quite there yet, but we can see there from here. Do we want to try and wait for implementations or do we want to just go ahead and publish it maybes, experimental or something else and see how it goes?

A

Yeah so I since, since I wrote these slides I've been talking to uh some folks. First of all, ask the question: is: does anyone in the room intend to implement this in the near future? Okay, so I have a hand up I knew about that hand. That's why I asked the question? You never ask a question. You don't know the answer to so I think what we're gonna do is we're gonna work through the remaining issues.

A

Lathe has said that he thinks this is something he can implement as a plug in in in traffic server, with Brian's help, perhaps uh and and over a very reasonable amount of time.

A

I'm not gonna, talk about the time scale that you gave because I don't want to make a commitment for you, but a reasonable time scale and then will based on that feedback, and maybe, if other folks get interested, then we'll take a look at where we're at after that, if that makes sense, okay, great and then, and that's of course, in the cash side and cash implementation. The other half of the implementation here is generating the headers so that the cash can take advantage of them.

A

I'm not as worried about that, because that is is, if you've implemented very generation based on a file system, for example. This is a very small step from from that.

A

It's it's not a not a big deal and something like Apache next slide, so I think there's just one issue that I wanted to talk about today, which is the more expressive variant, key issue where, whereby we had some discussion that that, right now, the formulation of the variant variants, header yeah, the the formulation of the variant key header- is such that you list the available options for each a component.

A

So, for example, if there's a DPR and you can have a possible value of one or two, then variant key says well, this particular representation has one and there's another and and and then it has another way that says I can I can also express this key for that we've been having a discussion about re, expressing the variant key in a different format.

A

So it's basically a set of alternative variant keys for this representation that for the response that the variant key header occurs in and that I think the feedback we got on the list just actually yesterday from Yoav, was that he really liked that, because it's more expressive, it allows you to to avoid situations where you know. If there's a matrix of four different options that the variance builds and three of them can be satisfied by one response, this gives you the ability to say, okay.

A

Well, this response can be used to fill those three holes and that isn't currently possible in the current spec. So we talked about that. I feel better about that. The only issue that came up I, think is that gave life a little bit of heartburn and from an implementation complexity standpoint.

A

But we talked through that the other day and I think that we can address that by writing the specs such that only the the first variant key in the variant key header, because it's a list has to identify the representation that it occurs within and that way if he wants to, he can just chop that off and use that loosen cache efficiency, but he doesn't have to fill all the other holes in that matrix in his cache by creating coming entries or whatever you want to do and from his standpoint, that's a much easier thing to implement, but it gives him a path to later on address the other support.

A

There's other values so that you get better cache efficiency instead about right, life, okay um and and so I think this doesn't need much discussion. I just wanted to check to make sure that nobody else had heartburn. With that sorry, it looks like what you see here on the bottom very key, so that says basically, this would, if we adopt this, that variant. Key semantics would be this particular representation that these two headers occur in identify the the the the response with the values to 300 and off for dpr viewport and save data respectively.

A

But this response can also be used for the one 600 off and to 600 on responses and and the use case driving. This was yo talks about this a lot. You know when you have interdependent headers for things like especially you know, dpr viewport and save data are good examples. Often you'll have different combinations of those that could be satisfied by the same low-quality image, for example, or high-quality image. You don't have all those duplicates in your cache.

A

You have a way to express, hey, you've got one entry and cache could be used for all these different combinations of these headers.

A

Is there another slide you're.

B

Out of slides, so I will go back to your first slide for publish now our wait for our experience and note that this is a standard, stret document right and one cache has provided. You know a lot of cooperation right, but it has an implement again. I think I can give you another cache in the horribly distant future. Excellent I was gonna point out. I've made some new friends from Comcast this week running one of these caches who's implementing I'm wondering if they would be willing to suggest an intent to experiment with how this works.

B

If that implementation were made- and you provide some feedback- yes,.

I

There is intent to experiment, not a lot of experience, yet, though sure.

B

A

Exist, that's all we're asking for now. That would be great things so.

B

My suggestion we would essentially Park this waiting for some implementation experiment. Yes,.

A

And then that that's I'm happy to leave it open for almost an indefinite amount of time as long as we actually have people doing things with it, if we don't have people doing things with it, we might as well just dispose of it in some other fashion. So great, ok, thank you. Thanks.

B

So you're still up there mark because we're gonna talk about BCP 56 bits. Next hi you don't have slides so I'll find a.

A

Nice little interstitial here for.

B

A

That'll be good, so um we've been working on BCP 56 this for a while. Now we've gone through role, cycles of editorial additions and reviews, I I feel, like we've, gotten fairly broad review of it, both from folks in the working group as well as folks, outside I, regularly and including yesterday, get emails from people in the ITF that I've never met before as far as I'm aware, but that are giving me very nice feedback on it, saying that we like this. This is very helpful. Have you thought about this?

A

Or can you change this to make it more clear or you know what do you think about this and and so I feel like it's? It's a lot of eyeballs have seen it and and the rate of change on the document has been slowing down so I'm gaining confidence personally that it's it's getting to a stage where it's ready, ish to ship I. Think the big open question on that right now is I. Have an editorial issue open on it to wait for hjp core, so we can reference those nice.

C

A

Well-Structured core documents in this, rather than referencing the seven to 3x series we'll talk about core tomorrow but I, think the feeling is still that we're gonna finish core around the end of the year, so I'm personally as editor happy to leave it open for a while and maybe incorporate some more feedback as it dribbles in and get even wider review for this document, which is always a good thing. But I'd be curious to hear what other people think about whether there's an urgency and shipping. This document, or not.

F

Some modern Thompson I think having it is more important than publishing it at this point, and it will be really nice if this went out alongside those core specs, because I think that really sends a message that this is. This is part of the core and in a way, the way he used. The protocol is almost as important there's a definition of protocol itself, I think, and so my preference would be to sort of try to try to hold it until then, as long.

C

As that process.

F

Doesn't prolong itself and it there are signs that there's lots of changes coming in the core thing, but they're all really minor things and I think we could probably say that the core thing is going to be done soon helps at least at least not not three years away if over a year, I think I'd be comfortable with the year I think any longer than that and I think we should started there.

A

Feels that right, Denis yeah thanks.

A

Who in the room, has read the document? Bcp 56 bits, okay, smattering of hints, please read it yeah.

B

So this is intended as a BCP right, so we we want wide review in the room, but as as positive data points, there have been about 60 issues open to concern on github, almost all of which have been resolved from a pretty wide range of parties, including people that don't participate regularly in this group. So it's getting that kind of review. He recently added a privacy consideration, section I want to make sure people look at that.

B

My experience with talking to people working in other groups. There was recently interest in this from from the SOG group, and the DOE group was also very interested in this right. Is it would be nice to have something not just to guide their definitions of their protocols, but actually to be able to normally reference to say you know the security implications or the privacy implications of the HTTP portions of my spec are reflected in VCB 56 bits right. So if folks, you don't want to read it with an eye towards doesn't answer that question.

B

I would be interested in that mark.

F

I'm relaying for Julian here he says we have a few core issues where we still discuss whether it should go into core or basically 56 bits. I. Think that that's good- and this is so he agrees with me on that point. So that's what Paul.

J

Hoffman, so the sag message that you saw you may have misread. Basically, he will, he was told, puts BCP 56 stuff into a document that is blatantly breaking BCP 56 and it says so it says screw how they did it. We just wanted to shove our data over HTTP, oh, but there's the Stockman over there. That tells us not to do it so so.

B

J

B

Argument for the completeness and the urgency of publishing, perhaps well.

J

At least now I mean that document will go forwards. um It's been waiting for almost a decade, but basically it's specifying something that predates possibly even predates BCP 56 and it's a fuller specification of it and it's someone who could care less. He uh he's over in your continent area, so you could chat with him. It's um continent.

A

J

A

As you know, we know we all.

J

Know each other yes right so anyways, but but just to be clear. That document is referencing, BC, P, 56, saying yeah screw that.

A

So speaking to the privacy considerations, part and well then, and that general question I think that writing that kind of text to have it to be able to reference somewhere is a great idea, and we should be doing that personally. My initial feeling is is that that probably belongs in core the idea behind BC P 56 bits is it's a guide for people who are writing new specifications or applications using HTTP, and it's also a guide for people reviewing them, especially area directors.

A

So you know when that screw that specification gets to the isg they can compare and make their own decision. It's not. There's I, don't think, there's currently anything in there. That's something I could see an application referencing unless it's oh, we did do this and we're pointing to it informational II. Maybe you know- or we didn't do this and we're pointing to an informational II, but it's not really a referenceable document in that sense, I.

A

Just like the original BBC P 56 beside on't know anybody really referencing that one either but I'm not stuck on that I mean if we want to change the nature of the document. That's fine I! Just to me. It feels like it kind of goes in core cause. You're gonna be referencing HTTP anyway, if you're using it.

B

There any other thoughts.

B

Okay, thanks thanks mark secondary certificates, this next Martin micronet who's gonna do the honors. Here we have a clicker, Mike I, don't know if it works, but you know.

K

Alright, so as far as the secondary search Draft.

K

I'm gonna go with no it's dumb; it does not work there. You go alright, so there's actually been a fairly broad set of changes in since London. So if you go up to the next one for the first part in draft 0/0, they were sending the frames that were related to the certificate and to the requests on the control stream, but the things that we're describing for this particular stream I need this search and now I can proceed, because this request has been answered.

K

Those were happening on stream, there's a slight problem with that flow, though that is not fatal in its gp2, but will be fatal when we take the same thing dhcp over quick, which is that the request with the headers likely close to that stream in that direction so requiring that you then later send a frame on the closed stream. Not so not so nice John draft one everything has been moved to control stream.

K

It says it includes the stream number of what it's referencing but unfortunate that we have to mention it, but it makes the stream usage cleaner. So next slide we're also being more explicit about where certificates are used.

K

Originally, there was a flag on a certificate that was marked as automatic use so that the client could say I'm fine with you using the certificate for all future requests that I make and servers have to set automatic use because clients are deciding whether to send requests in the first place now there's an issue and that the server doesn't actually care whether the certificate is available, but the client might the client doesn't know when the certificate was used or not, and so we've turned this around so that there's the ability to send an unsolicited use certificate, and if you want to apply to your certificate to every request, that's one more couple, byte frame that you can send along with every request.

K

But if you have multiple certificates, you can pick which certificate to associate with each request and now also it's not confusing. If the certificate the server turns around and asks you for a different certificate after it's seen your unsolicited one next slide, also in the camp of trying to be more explicit instead of having clients pick an unused stream and say, I can't use the stream until you send me the certificate that I want, which is kind of hokey I, have to admit.

K

Instead, we just say certificate needed on stream zero. This this connection requires that you provide me the certificate, which is a little bit cleaner. I would still like a cleaner, cleaner, still way to do this, but this is the best. We've got right now next slide.

K

Most of the big changes in the dock, though, have been through integration with the exported authenticators draft in EOS working group. So the original version of the drafts that we adopted and that we still had I think back in London, was that everything was being done in the HDPE layer, the certificate frame curing actual certificates. Then you had a certificate proof that contained a signature of something of an exporter by that certificate.

K

The ship request had oil filters and having all of this at the HCC layer, was kind of ugly, so moving the draft one, there's no more certificate proof frame certificate, curious and exported Authenticator TLS deal with all of that certificate request carries an exported Authenticator request, all of that Singh capsulated that TLS layer, gay sheep HTTP out of it please draft to. We got to take advantage of a new feature and export of authenticators. That was added during their first working group last call, which is and exported basically an authenticated refusal.

K

The ability to send I do not wish to provide you. The certificate you've asked for previously used certificate, just didn't include a certificate ID. Now you actually send along cryptographically signed I am refusing signed and I'm refusing to send youth which you've requested so we're shifting more stuff into the TLS layer doing less at the HTTP layer- and this is goodness for separation of concerns.

K

Last major change that we've had so far is a way to detect me in the middle sooner because if you do have a TLS man in the middle on your connection, unfortunately they do still exist under the old model. You wouldn't discover that until you've done all the work of generating an export of Authenticator and then it didn't validate now we actually stick an exporter in the settings instead of just saying one turns it on, and if you see that the exporters don't match from your setting, you know it's not going to work.

K

Don't bother attempting to done to do the crypto to generate an exported authentic. Our next slide so open issues that we want to talk about. First off, there's the question of how all these frame types get bound together and the draft is improved at explaining this, but it's still kind of a little network here next slide.

K

The certificate request has a request, ID certificate needed, because there can be multiple of those for various streams point to a certificate requests by request. Eddie, you answer certificate needed with a use certificate. That's referring to the same stream. Id saying which certificate you're using to enter the request for that street and then that uses a serve ID to tie it to a certificate frame that has an export an authenticator. Now the interesting piece is inside the exported Authenticator.

K

You have the request ID that that certificate is bound to, but it doesn't have to be the same request ID that was used for that street. In the scenario where you would want to do, that is you've gotten separate requests for dub dub, dub, example.com image, example.com and scripts example.com.

K

Well likely you have one cert that covers all of those names and it would be nice not to have to generate three separate export authenticators for the same certificate. All responding the same request, none too different request IDs. So we allow you to say: I have already sent you this certificate and use it to satisfy that request.

K

So right now the draft says that you need to dig into the exported Authenticator with a POS that are defined in that spec, retrieve the request ID and ensure that it matches some requests that you have sent previously, but not necessarily the one on that street. So next slide.

K

Admittedly, that doesn't line up perfectly, but it's operationally a better choice. So there is kind of a question of do. We want to allow cross responses like that. I, mostly think that we do, but it's not entirely clean, and then there is an open issue suggesting that the certificate frame should explicitly contain the request ID.

K

So you don't have to ask TLS to get it out for you, I'm open to opinions on that I'm inclined to think that if it's already there and it's just a matter of asking TLS to read it- that's probably okay, but it does make a dependency on the TLS library to interpret them.

B

Which, like comments now or.

K

F

Wow, okay, Naughton Thompson I've always been a little bit sort of unhappy with the situation where we sort of ask a question and I mean indirectly. Of course, we we have to go asking TLS to give us the answer to the question that we should be able to answer directly ourselves. If that means that you're coding, the information I think I can be comfortable with that.

F

I like the I, like the separation between request identifier, x' and certificate, identifies I, think that's a useful abstraction that we can use and particularly useful in in these cases where you get the CSS top example, calm images so example.com. What what have you all of that stuff is?

F

Is goodness, particularly when we're talking about something, that's so grossly inefficient as certificates, but not being able to know which request was being answered without going all the way into the opaque blob that we just got out of TLS is quite annoying, so I'm inclined to say just duplicate. It I.

K

Will push back on one piece that you said there at the end yeah, which is the request that is being answered for in terms of this stream, is the request that was sent for the stream, but that's that's not necessarily the same as the request that generated this export of authenticator in the first place. That's that's.

F

The one that I'm more concerned about the this, the the carriage of the blobs, if you go back to the picture, the ones.

C

At the bottom, I.

F

Don't care about the ones that it's the ones at the top I mean it's. Yes, it's all in directed throughout, through the request on the stream and all that business. But fundamentally you have to be able to there's some magic that goes on. So you have multiple certificate requests outstanding. At the same time, mm-hmm the HTTP layer doesn't know which one goes with, which until it's gone on talk to the tail I smile, which I don't like.

B

I never I think.

F

Doesn't care okay, I.

B

Was gonna say we can write the third co-author up and just sort of have an editorial meeting here. Yeah.

F

I would like to hear from other people on this one cuz right. It's not a huge problem. I mean.

K

Frankly, this isn't my presentation because Martin opened the issue: I don't agree with him. I would like someone to talk with.

E

Ben Schwartz: is it possible to send a certificate frame that just contains a reference basically to make an explicit reference.

K

That's essentially what a use certificate frame is, so you send a certificate frame that has the export of authenticator once and then on. Every stream that on which you want to use it, you send use certificate with just the cert ID, but then you follow the cert ID, just the exported Authenticator, and if you want you can find the request. Id of the request that triggered that export of authentic error to be sent.

E

Sure so could you go back a slide or Thanks, so you certificate doesn't have a request ID in it correct so I guess the question would be you know, could you have a frame, it's like certificate and like request, ID and also a pointer like here's, the expert authenticators over there so effectively explicitly answering the request to say. Like yes, I'm answering your request, the answer is over there: okay.

K

So far, the document has done that purely by matching them up on streams, but potentially we could add a fifth certificate type that says: yeah I'll have to come up with a name but basically responds to a request with an existing certificate, but not bound to a stream.

K

Any other comments here or should me.

L

C

Well, at least I don't having two things that needs to be compared by get it to be equal. Yes,.

K

C

That I'd, rather not fall to have that's.

K

A good point that if we put the request, ID and the certificate frame, then you have, you still have to check in the export of Authenticator what the request ID is to make sure that it's equal to the one in the HTTP frame. So you don't actually save the : to TLS.

E

New sullivan, so yeah you're saving a search, essentially you're saving the search through all the outstanding certificate request to find something that matches the request. Id. That's that's why, when.

M

They duplicated.

E

Right are you because.

K

K

Have to ask TLS to open the exported Authenticator to give you the request, ID or you get the request ID out of the search for him, but either way you have to go, find that request.

E

Right but if you have the request ID in this certificate frame, then you have to also look in the export or authenticate or to but check the binding. No.

F

Mon Thompson the something occurred to me, but this picture is really good for that. We have the problem that Kazuo identified on the left.

F

Because the certificate request has the request ID in two different places,.

F

You want to fix that pick, one I don't actually here either you have to in both or you have one in both and I'm okay with it either one, but it would be good to be consistent.

E

If that's the case and both sounds fine to me all right, it's about last comment. Yeah.

N

So unrelated question on this particular issue, so we're done discussing that so I wanted to kind of get an idea of what the scope of the certificate exported sorry certificate authentication is, for instance, is it only for things are applicable on this connection, or, for example, does it extend the scope beyond this connection yourself, for example, can we apply to this to all des BC, which may presumably cash beyond the scope of this one connection?

N

K

In the current the current version of export of authenticators, it is only for this connection. There is a proposal on TLS that would allow you, potentially maybe to hook it into a resumption, but that's not true for the current draft.

N

Yeah, it would be just make it explicit would be good. Thank you. You.

B

Had seven minutes left Mike yep.

K

So then, there's the the issue that came up during our I thought it was going to be brief discussion last time that is actually kind of kind of hearing so next slide.

K

The problem is that you can use secondary certificates to make various other forms of attack on a cert, either easier or worse, so without secondary certs.

K

If you get a Miss issued certificate and let's say Mallory is trying to steal traffic from Bob, calm Mallory has to get you to navigate to his site and get a Miss issued certificate that covers both his site that you own, that he induced you to connect to and the attack site, and if he does that, then, if you're requiring certificate transparency, you have a record of that cert being issued and that cert covered both domains and you have at least a breadcrumb with who to go after, as well as being able to revoke it in a secondary cert world.

K

Those can be separate, certs, there's no certificate. Transparency link between the two. These hacker still has to get induced navigation, and you can still revoke the cert when you see it in certificate. Transparency, but you don't have the breadcrumb to try and figure out who did that now how strong a breadcrumb is that going to be considering? It was probably a throwaway domain anyway, probably not very, but it's something where this gets a little bit.

K

Hairier next slide is in the case of a key compromise where they actually have the legitimate cert and the actual private key of that, sir.

K

In the current world, you either have to do takeover, DNS or subvert IP routing, so that you can steal the connection that was going to get routed to the real server and then present your fake cert and the target of the attack is blissfully unaware, but there is at least some work involved in student land hijacking, a TCP connection with secondary certs you're back to induced navigation, which we know is easy, and then you present the real certificate as a secondary cert on that connection, and the attacker is no less aware than they were before, because they were blissfully ignorant before, but it becomes easier to do so.

K

There is a proposal last time where perhaps instead of permitting normal certificates, because we should have a new requirement that certificates used by surfers, this probably doesn't need to be done for client certs. Butt certificates offered by servers might want to have some kind of void.

K

That says this is okay, which kind of makes me sad from the deployment perspective, because it means all existing certs and all existing ways of issuing assert that you have setup are not usable with this and that's going to slow adoption and also for in terms of an opt-in we already of the quote-unquote owners of the primary connection. They want to be able to control whether secondary search are used on their connections and now we're also going to have to have opt in from the ones being coalesced onto those connections.

K

We know that opt-ins are hard to get uptake on double opt-ins exponentially more so and just from the optics perspective. If we have an oil that says it's. Okay, if you hijacked my circuit nobody's going to do that, so we need to at least have some somewhat useful, looking mechanism associated with it. If we do this I, don't think a blanket in or out is necessarily the best choice.

K

So next slide I got an interesting suggestion during a side conversation on this that instead it might want to be a list of primary domains that this can be secondary to. So, if you do steal the search from images macys.com fine, but it can only be used secondary to dub dub dub dub macys.com. So unless you also have that cert, who cares- or at least you know- maybe not who cares? But you are no worse because you can't use secondary certificates with it unless you have that primary service.

K

Well, honestly, I'm, not wild about having this requirement at all, but I can understand the security argument that we need to do something to mitigate a making attacks easier and if we need to do something. This is the best suggestion. I've heard so I was like comments on whether we do this or none of it.

E

Nick Sullivan, this seems like it's even stronger of an opt-in because you have to opt in to a list rather than opting into just one bit, which is yes or no. You.

K

Can opt into a well car but.

E

That's still, you have to accept a so wildcard means anything yeah. So this is just adding. This is reducing the scope of the opt-in, optionally, it's more complicated or I, guess more complex mechanism for limiting exposure to this attack.

K

And I think there is some value and if you are confident that the security on that this cert is probably not going to get stolen, maybe it's in the hardware security module and there really is no way to get the private key out. Then fun, dual wildcard, throw it in go ahead and use it. If you think the certificate is at risk, you can tighten the scope and reduce your exposure.

K

E

Then Schwartz as an intermediate between these things, could you imagine a tag that essentially creates a pool so, like all all certificates on a connection must share a tag, but we don't have to nominate exactly one of them to be the primary.

E

Okay, because otherwise you know I imagine in a CDN type situation, it would be challenging to to know in advance which certificate is going to be the primary. But you could you could mark everything in the pool with a shared tag. Yeah. That's.

K

An interesting one, so you just know you put an identifier, that's probably going to be the CDN you expect to use- or maybe your customer ID at that CDN and then they all can be secondary to each other. That's simpler, I, like that.

O

Yeah I was gonna, say. Basically, this is Richard. Barnes I was gonna, say this. The same thing has been that the tagging so that the entry point domain seems really awkward for things like CD units and something like this tagging thing seems way more sensible. I. Wonder, though it seems like at that point you're kind of hinging some of your security on the difficulty of adding that tag inside I, wonder if there's something to hit hook to like something that's access controlled.

O

For that tag like say an acme account ID or some other thing, that's difficult to get that might be external or this specification. It might be. You know the rules that say a browser forum puts for what you put in that field, but you know might be worth thinking about what the security properties are, depending on how difficult it is to get that that binding identifier, yeah.

K

Cuz, the downside with the tag is that the attacker would have to the attacker could issue a cert with the same tag. If they're able to inquire it and then yeah.

O

An attacker can execute the attack if they can obtain a certificate that has the proper tag right so.

N

Different suggestions, so super banger, so one of the options might be actually to hash the straw man here, but hash the certificate itself contents itself of the primary certificate. So that means that not only binds it to ownership of the domain itself, but also ownership of the private key associated with the domain, the public key of the domain. So that means like you, have to not only get a certificate associated with with that hostname or tag.

C

Or whatever opaque identifier.

N

But you also have to own a specific private key to be able to execute an attack on this particular.

N

K

That seems like an even tighter restrictions. It's.

N

A dire restriction, yes, so that we're going with typers if we're doing some restriction and we're doing it like pretty tight, then that would mean that presumably with property we want here is that a server like when you revoke the certificate that you have and the primary certificate would also or you like- destroy the key or something is gone, or that certificate is not longer usable. The authentication properties are the things that are secondary to it are also not usable as well.

N

So it seems logical to pin it all to that primary, not just a a domain which is opaquely satisfiable by any private key, but.

K

I think the property that Ben was suggesting here was that it's difficult to know which, which of several certificates will be the first one to trigger the connection, and therefore you want to be able to use any of them as the primary and the others are secondary and if you're tying it to a particular private key. We don't have that problem right.

N

So in the you in this one, you have an Auror case right, it's a list, any one of them can be satisfied, so you can create a graph of authentication with an aware as well as similar to how do you do it, but the hash you do the list as well, but you cannot it's kind of do you have to have a root, and after that you can have leads, but it does restrict you in that way. You have some.

B

N

Of route yeah, it's not exactly last.

B

Call for getting into my client cut.

P

Electrets so, rather than pinning to a specific tag, we could say into a sir, a specific CP log that all certificates in a particular set of shared certificates have to be in.

O

P

O

I'm thinking about this more I think the property we need here is that whatever goes in, that extension needs to be something that a CA can verify in order to prevent issuance of certificates having improper values there.

C

O

Kind of leads points toward you know using a domain name there, because that's what's the A's are built to verify and I think that may actually be good enough, so so use a domain name as this tat in the same way, same tagging way that that been mentioned so that you know when I go to CloudFlare I, get CloudFlare, calm and all the certs, because they have and I think that the rule you would say is CA has to verify before CA issues assert with this extension.

O

It has to verify in addition to whatever it would normally do, that the applicant controls the domain and they're putting in the tag field in the tag extension so you'd be getting a certificate that says this. The the server owns customer calm as well as cbn.com, and then you'd use the CDN com1 through through everything else. I think that seems, implementable, I think it gets the right security properties and the security properties you're after here I see.

A

A lot seeing a.

O

A

Nodding heads out there so.

K

That sounds workable to me. I will admit that, in terms of doing certain extensions I have no experience there. So I would welcome contributions of text.

O

It turns out one of Watson crypts engineers is in the acne session. Are the acne rooms all hook you guys up later, as I fill up right? You should be able to help with that. A.

A

Little ad hoc design team to kind of refine this design might be good, yep, all right and you're out of.

B

Slides, okay, all right, Thank, You Man! Thank you for the useful discussion.

Q

Everyone I think we're making some good progress and.

B

Yeah we H it's not plugged into the laptop I. Think that's probably another problem. Okay, next up structured, headers.

A

So structured headers um we've been working on this for a while. Now we have I think we talked about last time, an implementation in JavaScript, a partial implementation in Chrome, because web packaging is adopted web structure that history, some of their stuff. We have a partial test. Suite going contributions are very welcome, I think, overall, it feels like the spec is getting mature.

A

We probably need to go a couple more rounds with it, but it feels like we're getting close to something that we would want to ship and- and the big question in my mind, is whether we've hit the right balance between you know: simplicity and capability, whether we have the right set of data structures, start data types and structures to cover the interesting use cases yeah.

A

So next slide, and in that spirit there are a bunch of open issues right now, most I think we can address on the issues list, but there are two along the ones of that.

A

There are two along those lines that are thought of you. Sort of talk about here, one is is that we've received some feedback from potential header users of structured headers. That it'd be useful to have an ordered dictionary, so a equals B C equals D, but where you can, you know access that as a dictionary is as a hash, but also retain the order for that and and whether that's important enough to get into the spec or not is, is a question of judgment.

A

I do notice that the newest version of Python makes order dictionaries the default, at least for C Python, which was kind of interesting coincidence. So you know we could we could take a couple different approaches to this. We could require. The exist exist in dictionary object to the order, so a language like Python would be able to just use its normal dictionary data structure, our language that doesn't support order.

A

Dictionaries you'd have to do it with an object, somehow a little more abstraction or we can create a separate order, dictionary or ordered parameter top-level type, in addition to dictionary personally I'm I'm, a little reluctant to add top level types until we're sure we need them or we could say no we're not going to cater to this directly and you can Jam whatever you want to into the existing data structures.

A

For example, you can have a really ugly per M list where the the identifiers you know like if the premise is basically like a list of mime types, you have a thing and then you have an optional set of parameters on it. You could say: okay thing, a is just you know a marker, then you put the real parameter after it. Then B is the marker, so you retain your ordering, but you have this key value pairs, it's it's kind of ugly, but it could work with the existing spec.

A

So it's wondered if anybody had any opinions about that.

F

Not in Thompson these things are naturally ordered, I mean we put them on the wire, and it's.

C

A very specific order.

F

C

F

This is I think this is the sort of the default that we want to have, but it would be fine for individual definitions for header fields to say they're using this structure, but attribute no semantics to the order in which the the items appear. I think that's probably the right way to do. This I tend.

A

To agree and I think what we would do is house, and maybe we needed new appendix which says advice for API is to structured headers, and that would be when you implement dictionary, make sure that you allow ordered and unordered access. So as a hash or as a list, no JavaScript is some ordered yeah.

F

What you can hear right, you know what yeah and it maintains that this is a common.

C

Pattern, that's.

F

That's coming up in in languages, it's a facility, that's being provided, partly because you don't get indoor up on Jason without it. In a couple of cases,.

F

A

Okay, I think we'll give that a try and see how it goes.

A

Number, six, twenty nine identifier, we removed identifier z-- from the item, so you know we I. We specify this thing called an identifier in a B and F terms. It's roughly a token has a few extra characters, but it's just a you know: unquoted string.

A

We remove them in issue 505, because you know we just talked about. How do you distinguish between a in order to or an unordered dictionary in an API the same issues here?

A

How would you distinguish between a normal string and an identifier so that you could reliably serialize the right thing based upon a data structure in some language we we removed identifiers from the item payload so that it would simplify the API so that you know you wouldn't have to have an object to wrap an identifier so that it would serialize correctly if we reacted them.

A

I think that most languages would need to do that and, and the driver for this is we got some feedback from an event estrin saying that he'd really like to have their identifiers as payload, so that he could back port, potentially structure headers on to existing syntax and make it work a little more elegantly. um Does anybody have any feelings on this one where they are to be clear? I was the driver for five out of five and I think this is a reasonable feedback to add them back in it.

A

Would it makes the api's a little more abstract? You know now you need an identifier object, basically, but I don't think that's the end of the world.

A

Come if you're awake.

F

So Julian says this also depends on what characters would be allowed in identifies yeah.

A

Right now identify um is, if I remember correctly its token plus a few characters. I think there's been a little discussion about adding a few more characters. We need to keep it safe and extensible, but also a bit flexible, become a.

F

Nice, if you did by 64 or some some variant, they're open inside.

A

We already have binary, we don't need to go there. Yeah.

F

A

Okay, all right I'll take that on board. um That's all I have for structured headers. Like I said: oh, it does work, I think yeah. We need a bit more time on this, but I'd like to shift this. Maybe around Bangkok ish I think that we don't want to leave it out there too long right.

B

So they've been 50 issues open mostly mostly closed, so it's actually got an input from a number of different aspects, which is always good.

B

Can we get commitments from a handful of folks to review if we're on a Bangkok timeline, looking for maybe five hands that will promise to read this from a core working group perspective.

B

Excellent I know who you are. Thank you so much for your for your contributions. Thanks mark Kazuo we're doing a cache digest next, so we've got I. Think three pretty quick updates come in here and then we'll get into the proposed work session and so folks to be prepared for the ordering there I'm going to suggest that CD and loop prevention get this first slot, simply because that's the only one in which the presenter himself has the conflict rather than folks who are interested in the work.

B

So if you can't live with that, throw yourself in front of the microphone at the important time, kazuo go yes,.

C

So this is about cash dodges and there hasn't actually been new updates. We use the new version four and it was to remove the support for steal, digest and we've done, and there was a push back on the github pull request and that for REST API that serves a list of files there. It would be beneficial to have a stale digest so that the server can push the stale ones when the index is being requested.

C

So we might reconsider this, but we don't need to hurry because they open you soon, that's being pending and which is about changing to yet another bit of digest algorithm and ultimately, ultimately, we need something by a browser that works well on the browser and that's also pump. So your honor is continuing his research to find the best, algorithm and I think we will rather wait for him, then trying to figure out without having any implementation. So that is the status of cache, digest.

B

Thank you, so we just intend to keep this open for a little bit right. It's an experimental draft, so people are clear on on the status. Yes, okay, anyone have any comments from the floor. Remote cache digest.

B

Okay client had in spark to you.

A

So we just opened a last call working group last call on client hints Ilya submitted the new version of the draft we've held it open for a while, because we wanted to make sure that coordinate would fetch the fetch special specification. What working group, as well as the HTML specification there, so that it was a align with what we did and I think that the folks involved will agree. It's it's settled down enough where we can go ahead and ship this back, so we opened a three week.

A

Working group last call since we're all here this week and a lot of us are traveling over a week in the next week. We made it a bit longer than the normal one.

A

So please have a look at that specification if you have any feedback since the list, especially um this is an experimental draft and we called it experimental because we only had one a browser who was committed to implementing it and so we're looking for interest and implementing it from other folks, whether it's browsers or server-side I know, we've heard from some folks on the server side and also you know, support for publishing it interest in in the general use case that it that it is designed for.

A

So please take that to the issues list or to the mailing list, or if you have any comments about client hints. Now, we've got a little bit of time in the mics, no and ecers. Here, that's good. Okay,.

B

It is so we have one more active adopted draft to talk about, and that is sixty to sixty-five this, the cookies Restatement and update. They believe my quest was gonna, try and join us remotely. Is he yeah.

A

Why can you go ahead and request? Do the media co thing? Oh wait, I said: make it new Nick, never gonna come oops. Maybe they'll find Mike yeah. There is okay. Here we go.

R

Hello, who's working, yes,.

H

Yes, technology.

R

On the first try amazing, so our TV is 60 to 65. This there's not a whole lot of progress, since the last meeting I have not had time to work on it. Happily, though, we have John Wieland ur from Apple, who is who's agreed to hop in as an editor, to help me out so I'm, very hopeful that we'll have actual progress to discuss in a couple of months. There are a number of bugs have been a lot of those around the same set attribute, which is excellent, because people are actually looking at.

C

R

Site attribute, we have support for same site, is shipped in Safari Firefox edge and Ivy over the last couple of months, which is pretty exciting to see because of the attention we're actually finding bugs in the spec, which is great, we'll get those fixed as well as fixing them in Chrome's implementation, which has been shipping for a while we're also in the process of porting over the test suite that Adam bar through a long long time ago, into the web platform tests repository that browsers are generally using as part of the newest integration tests.

R

We've got about 50 50 some-odd of those tests ported over, and we aim to get the rest of them ported over now that what platform tests has added support for multiple registerable domains, which took quite a bit of time, I'll note a couple of metrics just because I think they're interesting around this time. Last year, the same site attribute was present on 0.01% of setcookie operations. That chrome user saw that's up about 5x over the last year, so we're up to about 0.05 percent of secresy operations using the same site attribute.

R

Likewise, the double underscore host prefix was at 0.005 percent a year ago and it's hovering around 0.01 percent right now, so about a 2x increase. The double underscore secure prefix was hovering around nothing a year ago and is up to about 0.003 percent over the last month, so we're starting to see more usage of the things that are defined in this new specification.

R

We're also seeing as I noted earlier, more adoption of the items in the spec, so I think we have multiple implementations of everything that we've added and, as I said earlier since John's gonna, join and help out with the editing I'm hopeful that we can get through some of the disagreements between browsers and I disagreements between browsers and the stack resolve, those in favor of the browsers and call the spec down any questions or feedback.

A

Eckerd, did you know you're done? Okay, anything! Anybody, okay! Well, thanks, Mike cool.

R

A

For staying up and good to see you yeah.

B

And that sounds promising. Thank you, Mike Thanks, okay, so, as I said, I think that ends the presentation. We have an adopted work, we'll move on to some. We have three proposals or things.

B

People are interested to see if the working group fields are in scope and has the energy to work on and we're gonna start with CD and loop prevention, because there are several conflicts with CF RG coming up, but that includes just one of our presenters who is Nick so, okay, so so Nick's declines to take to take the time and so Chris's we're going to Chris's conflict and have the sni presentation next got that wrong.

C

You know we can.

B

Correct that too, but you've ruined my ordering of my tab. So I just got to look around.

B

K

So I'm sure we all are familiar with the various approaches to encrypting SMI I know, for me saying something is the easiest way to submit it in my mind and when I was a kid, there was a game where they would tell you something and then do charades and I kept saying the thing they would tell me and I just couldn't stop myself and web browsers are doing the same thing. They say it even when they're supposed to keep it secret and so we're trying to find ways to reduce that.

K

All right, so the proposal in a nutshell for is to add an S and a parameter to an old service record to say for a given alternative. You can also suggest what s and I value you ought to use when connecting to that onto that surface, and so you can pick something innocuous that you know is going to be in the same certificate or you can pick a certificate.

K

You know the server has and then you secondary sir, to get the one you actually want afterward, but either way you can pass the suggestion on, along with alt service and all the various ways to deliver that.

K

So in terms of how you check that that first certificate is okay, which you have to do, you can't just follow what used to be there for opportunistic security, and we took out before it went RFC of discard the first certificate just doesn't matter it actually does, because then an active attacker could induce you to connect and then see what secondary certain request you're sending as soon as you connect and well now you now it takes a little more work to find out what your s and I is, but you can still acquire it now.

K

The primary certificate on the connection has to be somehow related. It might be the host name that they gave you the s and I for so then. So whatever the innocuous host name is, it might be the host name of the origin, which is what alt service currently says, or it might be the UM the host name of the alternative that you listed in the alt service parameter.

K

So if we're saying you can get dub-dub-dub on alternate example.com, the cert has to be for dub-dub-dub or alternate, and if alternates assert does not cover it up, dub-dub then you'll ask to see it with secondary service.

M

This creates a way to confirm these potentially way to confirm.

M

Where you going I think, but up to thinking through maybe ever okay having all three of those like seems like it's really hard to think to reason about like if hit the claim that this says go to this says: go to these guys right, like the the alt service says, go over here. Why am I returning type the original one? That's like not that's a confusing semantics.

K

So I asked I asked.

M

For a delay, example.com B, dot example to org in yes and the old service like what, under what rational circumstances should be dies able to or be sending mediate certificates. For example, my cop.

K

Rfc seven alter of us right.

A

So so old service currently requires you just the alternative server to send back the original origin. I understand, but he's.

M

A

A

If I can insert myself behind you and cue, my confusion is: is the dolt service requires the or the original origin? The you know, the Georgian house name to be covered by the cert, but it doesn't require the alternative to be covered by the search and I can understand the s and I being added that that seems like okay, we're gonna do something in this a Sinai's name. We should probably own it in some fashion. But why add the alternative to the next so.

K

This is adding the alternative as an option, so when you're using TLS 1.3, which cert which cert you're using is not exposed to the wire this given gives it a way to basically have a concealed option and I think the that.

M

I, you can't do that because then it'll just cut and paste.

K

M

If, if you respond to the cover us and I value with the true certificate, then I just say the person I thought you and send us the server I get the certificate back. You have, you have to respond or then knock your certificate as the curse to me.

M

Now it might be a star certificate or it might contain both domain names, but absolutely if it doesn't validate for, like the it doesn't validate for the original for the sni that you put in the in the client hello, then it's absolutely clear that us and Isaac cover us and I like why we spent all this effort trying like trying to climb hello, the client key share to this and I in the first place.

E

So Ben Schwartz I agree with your analysis. Essentially this draft does it introduces a variety of modes essentially or a variety of combinations where it can be used, not all of those modes. Quiet provide the the full level of protection against a probing attacker. Basically, so yes, if your, if your threat model the threat model that you're proposing, is a reasonable one. If that is you the threat model of the site, then they probably shouldn't use this in that mode. They should probably make sure that that they return certificates that cover the sni.

E

The clients are providing, but okay, I guess.

A

I, just in kind injectors as chair is, is this aspect of the design crucial to meeting your use case because I don't want us to crater on this. If you've got more I think.

K

We can tweak this, but okay.

H

A

Not hyper focus on this one part when you've got more and.

K

I think also, the scenario that this last bullet was added, for was when the alternative is an IP, and so.

K

Well, the must is it, it must cover at least one of them.

N

Suppose anger so I'm wondering why we're mucking around the sni itself. That's nice, several restrictions that must be like a s key character, since we got that I forget and must be a domain name. So it seems like this all this other stuff is. Problems will be great being created by the fact that, like your, your multiplexing, the s and I would be possible to just eliminate the SNI the usage altogether and use another extension instead of the s and I when the replay field or well.

B

No SMI yeah, so we're gonna actually cut them like line right here occur, but well we're gonna, Rio.

C

B

So they can finish the presentation, but we're gonna reopen.

S

N

So yeah I'm lucky not mucking about with the SMI value or changing that's not evaluating that's an ayah value altogether. Instead of doing as an alternative s and I like no SMI, that's.

T

Distinguishable on the wire from normal traffic, an adversary who wants to blah no SNI traffic can just block it. So that may not be as strong against an attacker who wants to first you into the position of sending us an eye.

K

Right so the the primary point of this design is from the external wire image. It looks like a connection to the innocuous thing overall, no using alt service potentially, but then, when you get inside the connection, the client knows it actually wants some other certificate or some other hostname on that certificate. Erick.

U

Nygren clarifying question and response clarifying question: these are in addition to the V it has to match the host header, not instead of yeah, because a.

K

U

A lot to break the security properties of alt service, which is, if you, if it's.

K

Instead of so, the primary certificate has to match these, and if that doesn't cover the domain, you want to make a request for then you need to get the these certificate that covers that domain, using secondary service.

U

Okay and then the clarifying one is the the other. There is a like the the even just a simple use case for where you could do this just as a wild-card case, if you yes, there are, there are a number of. There are quite a few sites that have a big, covering wildcard sort like star dot, github.com and just being able to do underscore. Wildcard github.com in case in the alt service is a a very simple use case. That could add a lot of value without needing to get fancy.

U

So are you suggesting that.

K

Was just in response.

U

To supposed to comment on a case where this has value, even if it was even if we weren't doing anything, fancy.

E

To su boats point, the draft also does state that you can specify empty string, which means they don't use this an eye.

E

Okay, so we're switching so there are two drafts here. That's one of them, the other one is DNS alt service. In principle, this is separate. So this a this is applicable, it's functional as a draft whether or not you have any of the this SNI munging capability in alt service. It just doesn't necessarily cover all the same use cases, so DNS alt service, basically just gives you a way to distribute alt service through the DNS. It does the simplest thing you could imagine the there are some interesting subtlety here.

E

One of them is that you can fire off a DNS query for the alt service and not wait for the response. If you want, you can just race ahead and essentially the the draft says that it's up to client policy, whether the client considers it mandatory to get that information before before starting the connection.

E

Well go back, I'm, not done yet so a couple of new things that have happened here. We we switched the order of the prefixes in response to a request from Martin at the last meeting, and thanks to a very detailed review by Schumann puch in DNS, op, there's now very clear semantics for what to do. If you have multiple of these things in an AR are set in the in the DNS and that's set up so that you can use this for load balancing within the DNS.

E

So it's yet another layer of indirection that can be used for load spreading. Okay, I think that's enough, and this is a totally unfair slanted comparison of yes and I our drafts, because I know that this is. This has to be what's on everyone's mind, so I one thing I want to add to this in case.

E

Anybody thinks that we're being too unfair is, in my view, these these drafts are they're compatible in a in a in a simple sense that a client could do both or one or the other server could do both or one of the other and and everything would work. Fine but I'm really personally interested in ways that we could potentially combine them and basically get the best of both worlds. Yeah one.

K

Thing that we've discussed is: could we put the ES and I record an old service? Sure.

M

So doesn't that everyone fair, then perhaps inappropriate or irrelevant, but we're not in competition here unless, unless you're planning to send and letter for they should be working groups of tales for group saying do yes and I I'm, not sure we need this need this comparison, I mean the relevant question is on so I mean the the the I. Don't think it's bad to have DNS all service um I'm, not sure it's good, don't know, I'm, not sure it's bad either.

M

um I think I'm, like less persuaded that that the dolt service has an eye on the / to that. If you're, the environment, where were you're doing, is you're trying to go to like server a um and you do nice resolution, um it's not clear to me that having the having an SN, I, punt and then followed by second, if it gets the superior dev encrypted s and I, um it's clearly slower and it requires an hour on trip.

M

um It's there's gonna be like one domain in the marker, um and so there's gonna be one domain, you're gonna be showing so it's gonna, be relatively similar. Marketing properties um and- um and also the thing is like, basically, um you could use totally right by the way about, like it's obvious, what you're doing but like.

M

Basically, when that one domain is like, you know um that one that one that one domain is like I in the cover domain, like it's kind of obvious, that almost everybody there's the cover on and also I mean frankly onesies and make people sad about. You know the various domain fronting debacles over the past, like you know, past, like three months, was that someone's name got wasted as like the cover name and those guys got somewhere under risk is selectively blocking, and so so I mean.

M

This is why one motivates putting like a blank name in there, but then, when you're a blank name in there, then you're like well I, don't understand why I didn't do what why I got on that bike named.

T

Daniel Kondo more so if you could put up put back up your comparison, I wanted to there was. There was a line missing there. I think yeah, so so in particular, yes and I seems to be designed to permit a client facing server to be distinct from the actual origin and I'm, not sure that's the case for alt services and I or DNS alt service. Maybe you could comment on that. I think.

K

That is correct, that with yes and I, the server has the option to decrypt. Just the sni payload discover that it's not for that server and forwarded on. Whereas with our proposal proposals you would have to terminate the HTTP connection and relay the requests you have behind reverse proxy. So.

T

To be clear in the alt service proposals, we're saying that the the client facing server gets clear text access to the traffic correct.

A

Just to set expectations, we've got about a little more than ten minutes left on this one o sonification.

C

Question you said that how all this all this PC DNS thing provides new law passing under those defenses may ask how it's different from just sending a set of IP addresses. You know address query, because it's just sending a list of hosts rather than IP addresses.

E

Sure so well so I'll mention two things here. One of them is that, because the because the DNS alt service ties the the alt service parameters, including the choice of SNI, to the load, balancing selection, that is the the choice of our our it makes it possible to have to to load balance or switch across destinations that behave differently.

E

So if you have a classic the example here is, if you have 2 CD ends, and you want the ability to load balanced or switch rapidly between them, then you might need different cover sni or an initial sni for those two destinations.

C

E

You can actually do that with IP addresses indiana salt service by by specifying an IP address. My.

C

Point is that damn? Why do you need to introduce a new? Yes? Well, you can do that with just an area code.

E

So you, you can't do this with an a record that is there's no way otherwise in the DNS to say, if you find yourself load balanced on to a particular destination. Ip address then use this set of alt service parameters, but if you find yourself load balanced on to a different IP address and use a different set about service privacy.

C

C

Yes, thank you. Yeah.

U

Eric my gran Akamai I'm decoupling. These three think the three things I think alt service DNS is extremely valuable and a lot of really good use. Cases for and I'm very positive on. It. In fact, I think that that most of my deployability concerns with yes and I go away, or many of my deployability considered with with yes and I, go away.

U

If we use the DNS alt service record as the thing to have either a reference to the AES and I keys or or the SMI keys themselves, like the multi CDN case, it solves it also solves. It also means that you can have keeps some of those TTLs, potentially independent, the alts and I won. It may be that that yes and I makes a lot of the Q's cases for all service s and I go away. It may be that the wild-card label, one in particular, is one.

U

That's a simple enough case that, having that's still having the alt service as an I attribute just to cover that one. So people could use that without having to go. Full-Bore yes and I might be worthwhile.

A

Patrick Ted and then let's let.

E

Me just respond to that briefly and say: I think there is a I think there could be a possibility there, where we, we say that you know basically the the secondary certificate case. If this stuff is covered by ES and I, and so we we use yes and I for those cases and then we we only need s ni replacement for the essentially the cases that don't add a round-trip.

B

So star was just a short co-chair comment, which is remember that we can consider these things independently, but we chose to present them because they obviously have implications for each other if you chose to adopt them both right. So then, as an individual, a lot of Plus Ones to what sort of Eric said, I, think DNS auth service itself very interesting, I'm interested in be able to know what protocol negotiation is going to look like before the first round trip.

B

That has a lot of actually really nice latency optimizations for the browser use case, so I'm interested in those the s and I stuff, I'm, very uncomfortable with how it impacts the the core rule of alt service, which is alt service, has no impact on how you interpret origin- and you know, there's some interesting complexities there around the how the certificates are I understand the the actual rule is it's not violated, but it muddies the waters a bit. You know it's pretty the discussion about the certificates, so I'm less enthusiastic about the working group.

B

Adopting that personally.

V

It's ed hardy before I start. I will note that you had two remote people in chemo.

C

V

Least, one of whom was ahead of me, so if you want to do Luntz next, it would be ahead of me. Okay,.

W

I guess this is working now, so thank you. I'm Luke, Jacob from Bloomberg I'm, quite interested in the old service SMI portion of this I'm part of a group that is proposing a standard called trusted traffic.

W

We have an internet draft in, and this would be very interesting for an origin to redirect authenticated traffic around a mitigation point that may be congested we met last week with would then also to discuss what we were considering, and this would actually be an interesting way for an origin to redirect a client to a to an edge network that can very using some lightweight mechanisms validate the client have been forwarded on to the origin. So our very interested in this and seeing.

C

W

For our use, cases versus publishing those records wouldn't be ideal, because we would, we may want to send a very specific edge to a client once we know that that person was authenticated and trusted. Thank you.

V

It's at Hardy, I, I, guess in part because of the the green background to DNS entries, are human readable and should not require frequent maintenance because to me that that seems like it needed a blink red behind it of like. Oh, you, lovely.

G

V

You think this is an advantage on the human readability aspect of it a whole bunch of stuff and sorry.

A

Louis, could you meet I think we had a little bit of control issue up until you you'll be next.

H

V

All right, so, let's get back in the queue please. The the the the critical question really here is that if you think that the DNS human readability here and the less frequent maintenance will interact with people's attempts to use the DNS for redirect, I I I think that this turns into something where it's at at best a white background. And if you believe that that's because everybody's gonna use you know IP multi anycast behind the specific names you're gonna put in here, I kind of get that that might be the case.

V

But I really worries me that you think the human interaction with this record is important and I'd like to understand why you think that's the case.

E

Okay, yeah I, guess in general, I I think that somebody needs to be able to configure this somewhere right. So to me that I guess the question is basically: do we need to create additional systems?

E

Integration points where you know, one of the one of the challenges that so I should I should be clear that I I am a big supporter of yes and I I think it solves my problem that I care most about really well one of the challenges I see with it is that it it creates an integration point between key generation somewhere in the TLS front, end and and the DNS, and that's an integration point that I think that has to be fully automated, because as far as I can based on the discussion list, it sounds like those are supposed to be relatively short-lived keys, which means they're replaced pretty frequently.

E

So that's that's a new engineering challenge that seems like we avoid if we basically have a static record whose contents is easy to understand. Okay,.

V

That's a much better phrasing than that I appreciate it could.

A

The mica lines are cut now, we're almost out of time, so.

M

I guess now I'm clear on what those points were supposed to mean um so I think the or certian you're making is. If you want PFS or the ESN eye, then you have to. Then you have to regularly change the keys, correct piece of you. Don't current PFS for the sni, then you don't just keys like basically act right, hurry now, DFS is desirable, but it's not doing the wall. um Yeah okay, um like I, said I'm sure trying to figure out how you envisioned this looking it as a privacy measure so resolves I.

M

Think, like you know, as Eric said, I I have basically the representation of like yes, ni keys in the DMS. If you don't think those Ruby an old service record rather than like an underscore yes and I record like I.

X

M

Guess you know the I'm trying to figure out what your sir model about how this works is because um is your model the same one, we're floating that basically, um everybody in the in in in everybody on the sort of CDN is gonna use all service to redirect to exert to redirect to the discover name, I.

K

Think, basically, that's where you wind up whether it's a single cover name or whether it's a set of names that you know are associated with that, sir. So the wild-card search was a good example, but.

M

Doesn't that mean that basically everybody in the world except says extra round trip to get the secondary? Sir, not.

K

In the case of the star yeah.

M

But is it likes a Clow flat yeah.

K

If you, if you put a certain name in the search that is not associated with the name, you're, actually making requests in yes, 0tt turns into one RTT or in.

M

One RT he turns into two RTT: yes, I, don't see how you get away from having that those names I, don't see how you get away from having the names outside the surf um decision. Wildcards like so you know. So um you know this is a staking CloudFlare, where you have. You know n main names in the cert right um under what conditions is safe to put like to put symptom surgery like you know, to pretend like what do you I?

M

Don't understand what you put in the initial search that like has any prod body succeeding so.

K

So consider the case where the cert contains ten customer names and CloudFlare, then you can put one of those other names or put CloudFlare in the S&I and get back the search yeah. You have to put something that would allow it to identify the sort, but no.

M

I understand, but my point is like so this, let's say: Clark's I don't want to like complicate them, they're, not like the people in charge of this, but you got a big CDN and it's got like 10,000 customers right and the all of them serve all service for innocuous domain. X will say: CDN comm right.

M

So when I so I go and I asked for a two example: calm and I get all service in a CDN calm and, like wonder why I was the only concern me is like the cert, which sounds like a one in a one of one thousand chance at how you might have a minute, so I understand how it works. So.

K

Basically, there are two ways that that could play out the first one is that you have a search that is completely unassociated with the actual domain name, yeah.

Q

K

You have the extra round trip for secondary service. The second one is that you can use some other hostname, that's in the same cert, and then you have ambiguity from from an observer as to which of the host names covered by that cert you're, actually dealing with.

M

Okay, I guess but I mean in the in me, I mean that's like an enormous information leak.

M

Right I mean so you know there are you know the CDN is me so I'm like I'm, like an inspector and the CDN, is hosting 10,000 domain names, which 100 or like really interesting, because I like cancer sites or you know, or you know, or dissidents, right and so like then they have, as you say, they have ten dominions per search, which means that, like you know that, but the vast vast majority of I only ten innocuous domain names in them, and so then, when I pull out all I get back one of the second it is, and by the way like the search were not you see these search all and the clear encrypted, but they're, not because all I have to do is take that SMI and replay to the server and I get the entire list of co-located debate names assuming I didn't scrape it a DNS.

M

So like it's a huge information Lake so.

E

If this is true, so first of all, yes and I is strictly superior. In this case, I I think that's I, I agree with that assessment. The the thing I would say is it. This is not as impractical as you might think, because there's a small number of sites here and if the different, if the choice is like just close, is that the visitor is viewing my site, which is potentially dangerous in different ways or accept an extra round trip.

E

That's a choice that that, just that one domain owner can make without the rest of the CDN having to make any choice at all that one, our TT would be a big cost across a whole CDN, but for a single customer, that's a that's! A very small performance cost I. Think well.

M

Again, I'm not trying to like draw comparisons between mechanism to trying to analyze whether this mechanism actually a plausible mechanism, one one he is right and I mean it seems like. Yes, as you say, you could make that work. But it's like you know it is I. Don't like I, don't see any scenario which doesn't involve a nice two round trip I mean I said like I, sorry I see one which is like some enormous domain, which nobody is willing to censor. Combined with.

M

Like you know, a very, very small number of like domains are willing to co-host that are sensitive, and in that case that didn't contain, like you know, like smoogle calm and like the seven things they're fronting for, but like we're on trip. As far as I can tell so.

E

Yes, but there are other threat models to consider, so one of them is I am the only domain on my IP address. There is in fact, no way for me to be confidential, but I can at least avoid explicitly leaking my identity on the wire and instead I can I can zero my sni and then I can try to basically hop IP addresses, and you know the IP address is all that's left to identify me right like these are not cryptographic threat models, but they are real threat model. So.

A

I'm gonna interject here we're not gonna, make a decision about this today sure and we're over time. Okay, so we I think this is gonna, be a great hallway conversation, okay, good endless conversation. So so we wanted to just get a sense of the do you have you you're you're, good right. We want to get a sense of the group who is interested in interested in continuing this discussion. We're not talking about adopting documents, we're not talking about any decision just who is interested in this discussion. Continuing up I'm assuming that that's a yes right.

B

Because this is the second time we've we've worked to this material, so we want to. We want to see if there's interest from the working group to continue or if we just kind of need to move on in a different direction. So we're gonna do two moms right, one, presumably with the simpler, the DNS all service right, see. If how much interest there isn't that and then you know separately and I guess gated on the first one um interest in the alt service, SMI right.

A

I've done this before parallel, so if you I'm gonna, be careful here, if you are interested in continuing this discussion of DNS alt service, please hum now and if you're interested in continuing the discussion, the vault service S&I, please come now.

A

It's fairly strong Brad you're you're, putting the hum off of kilter a little bit there you're very good at this. The first one I would characterize as a reasonable amount of interest. The second one just slightly weaker. Okay.

A

No because we're just gauging interest yeah, this interest is everywhere. Okay, thank you very much showing so next, the CDN loop, yes, um yep, sorry we'd close the queues. Thank you.

E

Hi I'm Nick Sullivan. This is a draft that was put together in the last couple weeks about a specific issue that has been plaguing of a very small segment of the Internet, but an important one continue.

E

So as a background CD ends, you can think of a CDN as a lot of different things is something that that's hosting static content, but a lot of modern content.

E

Delivery networks are organized as a reverse proxy for websites, often TLS terminating, because customers can configure a CDN to point to an origin, and this origin can be anything you can end up using CDNs in layers, so one in front of the other in front of the origin or you can have them pointed to basically any IP address in order to prevent a customer from configuring, a CDN to have a reverse proxy that points back to itself. Through another service they often implement specialized headers.

E

There are some specific ones, that're that are listed here, that have been used to help prevent these loops, so because it's possible to point these two e to one other and because it's possible to configure your CDN to modify headers along the way, especially headers that are multi-use or custom to a specific CDN, like some of the ones listed here next slide, please, you can get into a looping type scenario, even if you, if proxy 1, implements a special header that says hey I've, been here before, don't forward me, proxy 2 can remove that header and proxy one can remove proxy twos header, and you end up in this infinite loop.

E

This sounds theoretical, but that next slide please sounds theoretical and there was a paper about this, which was a theoretical paper, but it came with a practical implementation. This- and this has been confirmed you can. You can actually do this on.

E

Basically, the majority of the top 20 CD ends in in some configuration or another, the loop can be 2 or 3 or 4, as long as you can configure one of them to strip out the dedicated loop prevention. Header, you can force them to do an HTTP lupine, and this paper has some very interesting graphs and and experimental results from this. So how are you supposed to solve this, while in HTTP there's a header listed called via, which is meant to indicate that a proxy has forwarded an HTTP request?

E

This via header is an example here. It lists the HTTP version and then a canonical name of what the proxy is and you can coalesce if you see the same proxy multiple times and you basically just append what you see on top of this, and so you should you shouldn't, combine entries that have different protocols, but in any case this this is supposed to be the solution. Next slide, please.

E

So in practice, dia is overloaded and in various web servers like iis, six is-7, nginx and apache, which, as of the list records, makes up I would say somewhere near the majority of all web servers and web servers behind CDN. It's very hard to measure that number, but it's well. It's relatively correspondent with the public facing numbers, there's an assumption that a via header indicates a proxy that does not support compression, so an HTTP proxy. So, basically, all the compression related fields are ignored.

E

So if you as the CDN, send a request to an origin with the via header, it will reply back with a response that is not connect not compressed unless explicitly configured to turn on compression next slide, please. So the proposal for this is a very narrow, n--, dedicated request, header called CDN loop. It has a very similar semantics to via and is meant as a replacement for via that is actually practically deployable and can be used to prevent this next slide. Please all right.

E

So the the rec requirements here are that conforming CDN should add a value if they are reverse proxying data, and they must not remove this header, so you add to it, you don't ever delete it, and as long as everyone agrees, then this header can be used as a common loop prevention mechanism. Next slide, please.

E

This was posted on the list with a bunch of comments about existing other methods. That may be useful for this first, which is RFC 7230 9 the for today, HTTP extension.

E

It there's some some wording in here that may be a little bit ambiguous. I wasn't able to interpret it fully, but basically you can. It says in Section four that you can remove previous forwarded headers. This is something that that breaks the required semantics of of what we need for preventing loops. The other proposal is from HTTP the one one, the max forwards, header field. You could basically set a max forwards field and decrement every time that you go through.

E

So eventually you would decrement down to zero, but the this field is mostly oriented towards trace and options, and its use in yet is is not something that is widely agreed-upon or implemented, and that's basically it so. This is a proposal. It's a custom header. It's has a dedicated use case, but it is one that is it's useful for a very practical attack so grid up for questions. I've.

B

Got a few minutes go ahead, yeah.

F

Thompson I made some comments earlier about the privacy aspect of this, but looking at the alternatives here, the alternatives of far worse because forwarded, says yeah I forwarded it for that guy specifically identifies them. There's pretty similar on that front as well, so I think as long as you're using some sort of generic opaque identifier that only the CDN itself is is going to consume. Then this seems about right. It's unfortunate that we have to do basically the same mechanism as another one, but you know welcome to the Internet.

X

Otsuka at Google, so I think that forwarded that header is actually battery space. Here we go back one, even if we just used the bike field that would be. You know, forwarded.

C

For MacGyver forwarded.

X

By University and so I said, cetera as a side note, contrary to what Martine says, I think all CDs already include that connecting right IP anyway.

X

So this way, if multiple CDN providers collaborate, it could actually be useful chain that actually propagates the client IP all the way to the back end, which I think has value, pursues stripping it, and you know, adding the last hope and CF connecting ideal IP, all of them self.

Y

Labor from Apple it's reading this raft, it kind of reads very much sort of targeted towards cross CDN loop detection, yep. That's that's nice to say, I.

E

Kind of feel that it's.

Y

It's much more generic than that. It could also be used inside a single CD on right. Let's say you do in cash hierarchies, child parent proxies that sort of stuff- and you and your example, kind of shows where you put in the host field as a parameter to one of those things, but I really think that it would be better if, if the spec would be generalized such it can be both both cross, CDN and sort of intra-syrian detection, I.

E

Think we already have mechanisms for intra CDN I mean this is why there's loop detection headers that are used inside of CDNs and and generally, if you understand your infrastructure, you will not get into this situation. This is this is really about multiple independent configurations from customers that can strip headers and if you're inside a CDN- and you have multiple and you have this complicated set of proxies and some of them are configured to strips the looping headers. Then you really have a Mis configuration in your CDN. No.

Y

That's not the point. My point is that I mean instead of having two headers right now that we would do say via header to detect intra-syrian look detection, but if I can do this all one other one, why bother doing the doing both right? That doesn't make any sense so I.

B

Will note from the chair seat the some flavor of this comment was pretty common in the in the thread in which you used this work. I will also know that was kind of nice to see you know 25 entries about someone proposing new work, so there is some interest in the space which is great. My question to the authors would be if the working group were to adopt this.

B

With the resolution of this question about scope B, you know something we would consider a consensus item for the working group to decide, or is this just something we should not adopt if the working group can't decide that beforehand,.

A

Mark Nottingham is author, I'll and I'll say what I had to say before I answer that question specifically because I think it will inform it. This is a very specific problem. I know we all as engineers have this urge to generalize and to make things more generally applicable and that's admirable, but you know, as as Nick said, you know, we have CD ends where customers can configure to strip or add headers very flexibly.

A

That is a feature that we all like to support and that we need to support and if we reuse forwarded or we reuse via or we reuse, something that can be used by other intermediaries, then it becomes not a specific, targeted mechanism for how do we avoid loops between us and CloudFlare and Akamai and everyone else too, something that there's ambiguity about whether or not it's going to work or not. We really need this to work. The attacks here are interesting.

A

So to answer your question without talking to the other authors beforehand, my sense would be that if we can't get to consensus that we want to targeted mechanism here, I'd probably want to go somewhere else, because it's more important to me that this works and that it's simple for us to implement and we don't have any special handling around a header that a customer might want to touch for other reasons. Then it would be to have a general mechanism Kazu.

Z

A

And and to add one thing: I would love for the people who want a more general mechanism to articulate why this proposal causes them a problem why they can't live with it rather than just the urge to make it more general.

C

Q

C

Must not modify our requirement is a very good thing because most power web programming, web application programming ideas are designed to like whiskey or they are all in that way and that's causing the issue that we had us get getting getting dropped. So it's very it's a very good way to say that there is a specific added that must not be exposed to web application. Programming interface that could be modified, but rather which server I could have it I'm there for what it so I think having a speaker is a very good programming interface.

C

B

Call for the my clients, Eric.

U

Nygren big +12, what Mark was saying around value of having to have a specific header for these sort of semantics, I think also on the the how much to come, how much to generalize it also cover the entry within a CDN case. Some of that gets proprietary enough. That could bog us down forever I. Think having like the value of having something standardized, is to really work through the issues of how different CDN, czar interoperating and if the CDN wants to go and include, could have extra hops within this.

U

That's that's up to them, but um but I, don't think that I think the the key thing is getting that that between parties thing working out or worked out.

K

Mike Bishop I will echo both of the previous comments. That I think the real nah novel and useful piece here is that it's a header that must not be removed that the what is causing all the other things to fall down is that they get removed and the customers want to remove them and I hear the concern that if you use it for in domain things that customers might also care about, then customers might start demanding the ability to remove it.

K

I'm not as worried about that. If it's just find up front as must not remove, but okay and I, don't think there's actually anything that breaks, though, if you allow a CDN to kind of internal I say: oh, we have effectively three subsidy ins with in how we handle a process. So we're gonna, add three tags: okay, that doesn't break anything, but the important thing is you don't use it in any way that might incent a customer to challenge you. One must not.

B

Yeah, likewise, we're gonna your name Krystal.

I

Evans from Comcast the internal to the CDN, we can use whatever we want. We have lots of options and in fact the existing solutions work quite well, but again we need something that must not be removed and making it simple, making it straightforward, making it not useful for a whole bunch of things does in fact, and send people not to remove it and should help with compliance, and so I am very in favor of looking at this work.

X

So two other rest, mugs question: why for words, and not this specific solution, migrant here is that it actually can provide useful information. That user said like the IP, and this is opportunity for citizens to collaborate and come up with something that works and to end kind of.

E

X

E

Is your assertion that forwarded along with this header is not a good idea.

X

No I'm saying that forward that instead of this header would be more useful idea to the end users without them must not. Brigid must.

E

Not, or you want to add must not remove to the forwarded head header, no.

X

I don't understand your proposal. Just I may propose to use forward that header instead of that the CDN loop right I, like saying- and you know, additional draft- that sort of RFC that you must not remove this header doesn't mean that everybody will respect that right. If you want to be realistic about this.

A

Mark Nottingham again I think the the real value here is that it's not only it's must not remove it's that it's for an incredibly specific purpose. So, if you're not interested in that particular purpose, then you don't really have an incentive to remove it. If it's used for other things, you might have another reason that we don't know that right now to remove it and that's why we're using forward. It is not a great idea, in my opinion, because people are already using it for other things, which we don't even know.

A

If it's just carved out for the most specific thing possible, then there's less likelihood of accidental or you know, reuse or diverging use cases, and that's why this is so incredibly specific stepping and- and so you know, if you want the properties of for did, use forwarded. That's great! That's it's already there, but that's not the properties. We're looking for here, we're looking for a different set of properties which are a little bit subtle, and that's probably why this is a bit of a back-and-forth.

A

Stepping back I would ask the working group to consider we have on this draft three CDN vendors, who were all pretty highly engaged in this process now and they've come I think this is the first time we've done something specific to CDN. Usually our engagement is about more generic things. I would love to get a sense, and maybe not here and now, but for the working group to start thinking about.

A

If we have other things that we want, that our CDN specific, because the CDN is becoming for better or worse or the architecture and I'd like to see them become more interoperable. Is this a place we bring them or not?.

A

Okay, setting aside now we'll go up here and put on a different hat right.

B

Now you can judge a hub for your own document, okay, so we will do I. Think one hum here about whether or not there's interest in us issuing a call for an option. That's something we're gonna have to do on the list. You know no matter, but if we get a strong indication here that we're interested in working on this document, which is a proposed standard, so you know it's an obligation of the working group to spend their time and energy on.

B

You know advancing it quickly and correctly, we'll issue that that call for adoption, okay, so the caveat I would have here, is that we're going to adopt this document and we're going to adopt this document. If we choose to do so, specifically within the scope of the CDN question, and if that you know is not an outcome, that's acceptable to you. You should hum against at this point. So those are those in the room who are in favor of issuing a call for adoption and working on the CDM loop draft. Please hum now.

B

And those opposed well all right, almost unanimous. Thank you.

H

B

If you want 30 seconds, we don't know when you have the queues of wool.

N

B

And we can't understand you, maybe a gotta go jabber.

F

T

A

F

If that's a run so Julian says I, don't get why it's less likely that somebody strips the new head of field as opposed to fire and Roy, says via already works. All you need to do is to find a seedy and specific pseudonym and allow those to be removed by Citians. I. Think these are points will address during the.

B

F

Discussion I.

B

Agree: okay, thank you. So next up helium Lucas is gonna present for us remotely Lucas. We are about five minutes behind, so if you could make up half of that, that would be really excellent.

B

Do we need to press the button to make you go all right, you're on put your mutant.

G

Hello, yes great, you have to push two buttons. Oh that's good to know.

B

G

I had a lot of slides that I tried to compress down, and so I need to compress time further. So forgive me if I rush through this a little bit I here today to talk about network tunneling and whether there's space effectively for or solving the problem of, UDP tunneling, mainly for HTTP over quick and if we're going to go to that length, whether we want to expand the problem and solution into something more generic like IP.

G

So there are two drafts here that I'll cover one is called hint, which is something I prepared to look at the general problem and solution space and there's another thing called helium, which is draft by Ben Schwartz that was presented at dispatch earlier in the week. So I'll explain these in a few slides, but first of all, I just wanted to frame the discussion and kind of baseline on how tunneling works today. So next slide please.

G

So what we have here is HB 1.1. Don't don't pay too much attention to the one bit? Just just imagine it's okay and it's not h2, which I'll come on to you soon. This is not transparent. Proxying this is a HTTP 1.1 client on the Left, trying to issue a request to the server on the light and being configured to go by a 8 proxy. So you can see here.

G

There are two TCP connections, it's formed and the proxy takes on the role or the responsibility of affording that on and it may be able to filter requests or enforce any policy there. So that's ok, but we don't live in a plain text world now. So if you gone to the next slide, please we've got here HP 1.1 over TLS over proxy. So what we need to be able to do is create a end-to-end TLS tunnel. So you know this has been specified.

G

We have a new method called connect that we pass in a name to so this example comm server and that controls the creation of the TCP connection from proxy to server and the client then can operate the into any TLS context and issue its request there. This is typically configured with something like HTTP proxy variable or something like that just to highlight on the right this. This is kind of a protocol stack for you from the client perspective of things, so we've gone to the next slide.

G

This is hb2 over TLS, so you'll notice, it's not too dissimilar. We, we still have a client, that's able to issue a connect request here on TCP you'll notice that it's a it's still a hp1 proxy. So actually we were able to mitigate version here and still use this HTTP based initiation mechanism to create an end-to-end TLS context that we can then it to hb2. We negotiate that so using a LPN or whatever you'll notice, the addition of a yellow box, which is here HP to stream.

G

So this indicates that for a request response exchange, we are consuming a single stream. So next slide please this one gets pretty complicated, so I appreciate people, maybe aren't so familiar with quick, but if quick effectively inherits the h-2b to definition of of how connect words. So in this case, on the left hand, side, we've got a UDP association between client and cropsy. This is theoretically possible.

G

I'd love to know how many actual deployments of this there are, how you discover that proxies interesting you something like old service, or do you set it up using some proxy packer or something like that. But regardless you would issue a connect request on a quick stream and that would reserve that stream so then carry all messages and the client to the proxy. That would then get unbundled from the stream say and forwarded on via a TCP connection.

G

So what we have here is a single click contacts plus a TLS context in the same UDP Association, and we have streams within streams so that quick stream is a reliable byte stream. It can be affected by head-of-line blocking. So any duplexing of the HTTP two streams within that TLS session would be affected by the quick head of line stream blocking. So you don't necessarily get some of the benefits of multiplexing, but you do get the ability to connect out to the Internet, which is possibly more valuable. So next slide please.

G

So this got me thinking. How can we do the same for quick from the client to the server? Can we create a UDP Association from the proxy to a server and looking around doing some research? There was no kind of standardized way to do that by HTTP proxy. There could be some options here in terms of easy turn or socks5 UDP mode, I'm sure that is used in some cases.

G

But hypothetically, what might be neater or nicer is to if you've gone to the next slide have an ability to have something very similar to the TLS handling case. That would allow us to do end-to-end, quick tunneling, and you can see there. There's red question marks. Is that a connect method is that some other new HTTP quick extension, and this is where I began thinking about the problem space? So if we go on for the next slide, the the draft HP initiated Network tunneling is a generalization of connect based tunneling.

G

So this concept of converting either an entire HTTP connection or effectively stealing the TCP connection from out underneath the feet of HTTP or some part of it, ie the streams and converting that into something that can can effectively be a TCP UDP or, if there's interest an IP tunnel. So that document presents a concept and other design considerations in this space. So if we want to provide a solution or design one does it need to cover multiple HTTP version? So is this something that could just be for HTTP quick?

G

We need to consider things like proxy discovery and its ability to chain- that's quite powerful capability here and is that required for the kinds of interactions that we might want to do for UDP all right be something here. I kind of glossed over earlier is the ability to have agile argit's. So the connect tunnel focuses on one server. There may be lower level balancing underneath, but from the application layer perspective we have one tunnel and its own to one place. So would there be interest in having an ability to target different origins is more agility.

G

If we're doing message based tunneling, we need to consider path. Mtu TCP avoids that issue. So this is something to consider.

G

We need to think about the proxies role in in whether it relates messages as they go through or does it I hate like connect, only kind of blindly forwards, things back and forth hole blocking I already mentioned, and one of the main motivating cases for of this work is the ability to kind of mask traffic within a HTTP connection or and pad it out for traffic observation, so the ID Canter's through all of that it weighs up some options and the way pros and cons and prevent provide some technical proposals not fully complete, but more indicative of how things could look.

G

So we need more more input before investing any more time in only one particular one. Next slide, please so, yes, I kind of broke things into two areas: the initiation, whether we use a request method or some new h2 or H quick thing, and then the transfer, the steady-state framing of messages that we reserved a particular stream. Is this not even stream level and it needs some additional capability or something like quick?

G

So there's a lot lot of variability there lots of permutations lots of different ways to skin this cat, so just to help direct some discussion in kind of extremes. There's a spectrum of proposals in that document, one is: can we just take connect and augment it in some way? Come create a new method like connect but clearly separate from TCP, for in this case UDP and have some kind of new framing. Can we use something called helium which I'll it's been on the next slide and carry that over WebSockets?

G

Or could we go the next level and have some major framing and for hb2 or quick that helps realize at a benefits that slide please. So this is the helium draft. This is Ben Schwartz document. He went into a lot more detail in dispatches as he live in a single slide: lightweight flexible epoxy protocol based on IP designed for many use cases for and quick is what I've mentioned here, but you could do things like web RTC. Eg Fox in with ICMP support, go the whole hog towards VPN.

G

The concept here is kind of abstract message types and then a concrete realization of that and the document contains one which uses sea bore that runs over WebSockets, but we could also possibly natively frame that and that's captured in my document next slide. Please so in closing need to be fully acknowledging of the fact that there are many ways.

G

The UDP and IP based network handling, HDTV, based or initiated tunneling has some unique benefits and in comparison for those, some of the discussions we've had leading up to this is that there seems to be interest, but is there enough interest in empty that were honest time and effort? And if so, some import guidance would be required for us? Can we can we actually drive towards one of those solutions or permutation of those two options?

G

The things we're not considering does this work actually belong, not in HTTP at the lower layer, and that kind of that relates to what is suitable home in the ITF for this work. So that's it there any comments or questions.

B

We're running short of time, so, if you want to get in the mic line, do so now.

E

Then Schwartz I, just helium, was well covered in dispatch, so I want to encourage people to focus on the problem statement and not that particular component of the solution lines.

K

Cut that was a short last call, so I will comment but I, like the architecture and the problem statement here, that being able to use it CP over quick to talk to a proxy has its advantages and I believe that one of the previous Centrum's Google had mentioned they had at least for some purposes. It should be over quick proxies yeah with Google, quick and we're seeing benefits from that.

K

But the fact that you can't then do quit a capacitor Cox yeah I agree is a problem I like the division here of having something that is effectively hvp layer, I'm now going to send some of their protocol and then that protocol being a transport II thing, that's really an encapsulation. It's like an evolution of gru, maybe so I like that piece. I, don't know that they belong in the same working group. If we do the MGP piece here, I don't think we want the transporting piece.

K

If we form a new working group that handles this problem, then maybe it could do both and I think we don't know what what way would be best, but my opinion would be. We don't want to do and try and pick up the whole problem in this working group.

U

Briefly, the one thing that what I didn't see called out here that worries me a lot is how they can is how, when you start doing this sort of thing, congestion controllers start interacting, it seems like there's a lot of transport stuff under the hood here. That gets very messy quickly like running quick in quick. What.

G

Yeah, that's the page. Issues came up in the dispatch session and something I hope to capture better in the design. Aspects means more thinking, but.

U

The account on the meta is sure, I think it'll be worth through. Mail also feel free to skip. It was covered heavily in helium, but was and dispatch pull is. Is we should be really clear on why we need something new here like it seems like a I P SEC over UDP covers a lot of these. A lot of the use cases here without requiring inventing something new.

G

Okay, thank you.

L

Taniya so I'm familiar with one use case well, as Mike mentioned something similar to this has been used already at Google and that's actually been very useful because being able to switch the last mile link from TCP to quick allows for a lot of benefits, because you can do better loss recovery and things like that on the last mile and it's so it's quite useful to be able to run a proxy in the cloud so to speak and have the clients be configured so that they can speak quick up to the proxy and then TCP out the back of the proxy to the origin.

L

So it's definitely useful. I I will echo what Eric said and there's one particular design assumption and quick right now, which is different from TCP in TLS, in that the transport and the crypto context are not separable, and this is right now commit assumes that they are separable right. We have TCP to DC connections that can become, and one pls think that can be layered on top of them. That is no longer true and quick. We really can't get that kind of composition, so you would have do you have to do TLS in TLS effectively.

L

That's something again. I mean I, think this problem is worth thinking about, but the pieces might land in different working groups and might actually trigger some interesting work. So yeah I think this is useful. Okay,.

B

Thank you for the presentation. We did cut the dough.

E

On in there, the dispatched chairs have requested discussion happen on the dispatch list, so I would just mention that you might want to join the dispatch list. If you want to talk about this more also, that's the chairs to think.

B

Of hey: did you understand that in to the extent that we are introducing and modifying HTP mechanisms right.

A

In the hallway, after the manor is gonna.

B

Act be multiple, you know, dispatch versus HTTP chairs, we're gonna, kick their ass, there's gonna be or there could be multiple discussions. You know. Have it have it? Have it your own way, I'll. Take you in the fight with Murray any day. That's all right, so we will take you no further inputted on the HTTP specs of this and I do want to reiterate.

B

One thing: I said on the list that if you operate systems that use the connect method implement systems that use the connect method, that kind of thing you know put it in a forward proxy scenario. This would be a great time to speak up because I think it's sort of under represented in this discussion, or perhaps it's not under represented in this discussion and that itself it's a you know. It is a point of input.

B

Thanks, Lucas we're gonna move on we're going to talk a little bit about h2 push data from yo EV has done some work that you must just share with us. So this is. This is a bit of an initiative to find out how some of things we have standardized our plain in the world and how that how that works out. You are not you math.

AA

I'm, not you earth, as you can tell. We.

P

AA

Remoted it so my.

P

Name is Dominator.

AA

I am engineering manager at Akamai.

AA

Yes, I'm not as tall I'm here to share some results about h2 server push, and this is over a period of 11 days. We had collected some measurements and had done some analysis on it from June 14th to June 25th, so at Akamai, h2 server push is primarily provided through a product called adaptive acceleration, and so what this park does. Is it analyzes rum data?

AA

So this is real user monitoring data, so data that is based on nav timing and resource time data speaking back into data warehouses, where we do some analysis and determine what the critical resources are that are necessary for rendering on a given page look, and so the idea is that, once we've identified these critical resources, we push them during the HTML generation. Think time.

AA

The advantage here is that we order the key is that we want to utilize the idle network time from when the page is being fetched from origin and also bring back the tcp slow-start.

AA

So, looking at a typical case, where we're not applying push, the HTML request is generated. The request goes to the edge in a content, delivery network and then goes on port origin to be fetched, and this is where we have the idle network time and eventually the response comes back and you can see that tcp slow-start in effect, so chunks start coming back and getting bigger.

AA

And finally, the browser's making requests for page sub resources, SS in JavaScript, for example, and then those get fetch down so the way that we utilize push effectively is to take advantage of that idle network time. So we want to be pushed down CSS and JavaScript, that's critical to rendering of the page during the time that the page is being fetched from origin, and so we're usually we're using that.

AA

Essentially that dead kind of time to good use- and you can see you know- theoretically, the tcp slow-start comes into effect earlier and by the time that the HTML pages comes down to the browser that hopefully, we've moved past that face so Jake Archibald wrote a great blog post about each. It should be to push saying it's tougher than we thought there's and he has a quite long post that goes into the nuances of H to push scenarios where it's more effective scenarios, where it's less effective.

AA

The differences between browsers the how the caches within each browser are work and very from between them. So it's a great post I recommend that you read it if you haven't yet.

AA

So diving into the results now so just to give a preamble before I show the graphs on how to interpret this. We measuring dom complete time in this case, and so when you look at these graphs negative is better. This isn't a relative difference between h to push on and h to push off so the further to the left that that you see the bar the better it is.

AA

This is chrome only, and this is only first few only so these this analysis, based on measurements only on first view, its excludes repeat view on purpose, and that's for a couple of reasons. One is that the repeat view case is not that effective with push right now, because of the absence of cache digests, for example, and with adapter acceleration, we try to avoid pushes on repeat views.

AA

For that reason, the difference that you're gonna see is going to be a bar with men and max values, and essentially this means that we are 95%, confident that the performance difference will fall within this range between the min and max. So essentially, you see green. That means it's statistically, that's faster red would be slower and blue would mean, there's no statistical difference, okay, so what using here is mobile results only so hoping your eyes are not pleading. Looking at this, the bars are kind of thin, but in this case there's 11 results shown.

AA

So what we're seeing here is actually the intersection of some websites that are using adaptive acceleration product and also using a new rum engine that Akamai provides which is based on the product impulse, and so it's the intersection between those products and I mean the we are just transitioning to this in your rum engine. So the initial customer base is small, but it's scoring and we hope to be continuing to measure it up based on this engine. So we use the nav timing metrics to fetch the Dom complete time in this case.

AA

So really, in this case, there's 11 results here, for we can prove they're, statistically significantly faster and 7. We can't say at all and I have the raw measurements on the side that you can see in the left that provide the confidence interval and the mean, but for the blue ones we're not supposed to derive any kind of conclusion from it.

AA

You know you might see the bar more on one side versus the other, but talking to our statisticians to say no, you can't say hey, so that has to be completely on one side of the other to derive any kind of conclusion. So here we have four that are better seven. We can't see- and you can see that the confidence intervals fairly large in many cases for desktop. We have 13 results and we have six that are better and seven that we can't save.

AA

Now the the scale is kind of shifted linearly a bit and maybe slightly in terms of magnitude, but you can see that the bars nevertheless are much shorter. The desktop case, the mobile- and why is this the case as just because we see more variability and noise and mobile performance data, so there's more variability, presumably due to more variance in last mile networks and that's reflected in the measurements. So it's harder to get statistics.

AA

Anything results in that the results were do be dead, see a statistical difference, we're seeing positive improvement with h2 server push applied.

AA

How did we measure so statistical methodology we're using a linear regression methodology, that's used for statistical calculations and it's based on following dimensions, so geographic location, client to west user agent hour of day day of week is P URL. This is all very important because if you don't product control for these variables, you get too much noise and there's several dimensions. I can introduce variability to the results, so a B measurements are actually quite complex, especially using the real user monitoring data. That's part of what we're finding as we go through this exercise and.

AA

Again so I talked about the set of customers that are used in this case so far, so we've split into desktop and mobile, restricted to first feel requests top 10 URLs for each customer, website's minimums and minimum threshold for hits that have h2 server push applied.

AA

So what were we going to do? I think what I'd like we're going to continue to gather data as a set of customers expand and we'll report back later?

AA

What we've seen so far is that server push is it's a powerful tool and the tool set when used in the right.

B

Circumstances so thank you very much and I I've asked people to hold their questions because we have a similar presentation from a different point of view. We wanted to make sure both of you could present before we run out of time, and then you can maybe address questions together. If, for whatever we have, we.

AA

B

Yeah after we do yeah don't go far.

AB

Everyone Brad lassie vendor at Chrome, so we also urged it in how push is performing in the real world. So first a couple stats right now we see 0.04 percent of HTTP 2 sessions that have a push frame in the entire session. That's not per delegation. That's for the entire connection.

AB

The average amount of push data in those sessions is 32 kilobytes. After after reviewing this data, we realized that more useful stat would have been the size of the pushed resource make that edit later some other stats we went when we see these pushes. 63 percent of them are successfully accepted.

AB

23 percent, 22 percent timeout and 13 percent are duplicate URLs, which mean that the same URL was pushed in the same navigation. There's some other noise for several other failure cases.

AB

So we ran an a/b, see experiment. We compared disabling push by sending the settings enable push setting set to zero and we would still process the push frames if they came. This was purely just sending the the setting we compared that to no treatment regular control, but we also compared that to sending an unrelated settings changed to see. If servers were miss handling set HTTP to settings, the Deaf canary data was too noisy to draw any conclusions about push, but we did satisfy ourselves that the servers were handling these settings for him properly.

AB

So we didn't need to include that control when we propagated this to beta within the beta results for the entire population or sorry, the entire test population, we got a slightly negative, non, statistically significant result. So the best way to say this is that, for the entire population, push makes no difference in performance. That's rather unsatisfying either direction.

AB

So we attempted to correct for that by removing the noise of servers that don't push so filtering by domains that, according to HTTP archive pushed when they were recorded in that crawl, we do see across-the-board improvements by disabling push, and all of these percentiles are statistically significant, and now we get away from the data-driven part of this presentation.

AB

So this is a wasn't intended to be so scientific looking, but this is basically the idea of what is the.

L

It's a clarification question on the previous line.

L

So the latency of the page is reduced when push is disabled. Is that what this is shown? Yes,.

AB

This is time to sorry dimensionless this time to content of content for paint I, see.

L

Okay and the control does not have push disable. This actually pushes enabled with max concurrent streams. So blue is push.

AB

Enabled red is pushed disabled to call it. Thank.

D

You lowers better, yes,.

AB

Lower is better so this is basically trust trying to describe that absent server. Think time or the maximum benefit of push is either your the amount of data you can send in one round-trip or your initial well maximum table you can send on trip which is either calculated by your bandwidth, your round-trip time or your congestion window and I've heard.

AB

Some people argue that in emerging markets, this is a even more important thing because of the large round trip times the interesting thing which mean when you take a couple samples, it all turns out to be about the same amount of data you can send in one round-trip just that round-trip takes longer.

AB

Of course, all of this winds up getting if it's the start of a connection capped by the initial window, which fear of being idea of recommendations is about order of magnitude lower than that round trip data other than you know, some people who are getting aggressive.

AB

So one of the questions that we have is if we were to turn off push for everyone. Would anyone really care? Currently, it's as I said only four 100 of percent of all the sessions we see it seems to be a performance, look on looking at some of the individual domains that are pushing some really really get it wrong. Some do get a good benefit, though so it it's all over the place.

AB

Oh I did have one stat, which I think the side, which was that four domains that had thousand navigations in both both test groups, sixty-eight regress and eighty for improved when you disable push so slightly better than the 50/50, and if we weren't working on push all the time, we could work on other fun things thanks.

B

So Thank You Brad, thank you for both presentations, my clients for comments, jonathan kazoo, okay, first crack because I told them to sit down last presentation.

L

C

Just wanted to comment that push is yes, we fuel have a long, but as we move too quick as we optimize HTTP to the buffer becomes shallower and americo push becomes small.

AA

Yeah just to add on that, since you've invoked quick, there's also a theory that, with there's been some experiences with headline blocking with server push that this we've made efforts on improving that and that in the quick world. That problem would also go away, which is an improvement of pushover, quick. So how that.

L

Interacts with.

AA

L

I'm Jen I ain't got first, he had a slide that they talked about, firstly, having an initial window of 100 I'm trying to make it happen. It's not happened yet. So that's actually the the the paper I'm familiar with the paper that you're, citing there and I, have no idea where they get that number from when I I do. But the number is incorrect. Sorry.

B

L

Story of the media, the conversation.

B

L

The on the I was it was. It was interesting to see the amount of variability that he had in your results and I was going to ask you. If you looked at the population sizes of those different sites, it seems like you might have very low populations, possibly, but it's yeah. Can you speak to the variability in the data yeah.

AA

I mean so there is variability and it's it's not unique to anything with Porsche. It's something that our service, por encima, has been discovering, as we do more analysis on ROM based data, and so you so you know your new measures using synthetic environments, you're much more constrained in terms of variability. It was ROM data.

AA

We see a lot of variability and there's been efforts at evolving the methodology to control that by using different dimensions as explained, and so that's what we have now and there may be further protected ology to further constrain it, but yeah there is variability there, and so even in the results are statistically insignificant. In this case you know we know that in synthetic tests we have seen an improvement, but you don't see it based looking at the ROM data, for example, so.

A

um We're actually out of time, but if folks are willing what, since this is just an advisory thing, let's go ahead and drain the cues, but no more discussions, please, and please try to keep your comments brief. So.

AC

Movin I'm, sorry I, don't know the terminologies I mean I. Guess I can go your.

C

Name for the minutes go home.

AC

Fastly, just really quick a couple of things since we're talking about numbers. Thank you for Chrome for sharing those numbers. I just want to share ours, really quick. We don't store in a user data. I just did a sample of 90,000 requests on a server 90,000 streams of h2 had they're there, 150 of them that were pushed that's point, one five percent, depending on how much you believe in sampling like this, when I did this three weeks ago, it was like 80 out of 90 thousand, not saying growth.

AC

It's growing three times over over three weeks. Just information I have a couple of clarified questions for the presentation. Do you have any date of volume numbers for how many sign? Oh there was a minimum of a thousand, but how many samples per I'm guessing each other's eleven swear sites? Is that what they were? Those are sites. Yeah do you have data volume, numbers and, and maybe more interestingly, what percent of the pageviews got nuked because they were repeat.

AA

We do have those numbers, I, don't have them at this presentation, but we do have those numbers. Okay,.

AC

And did they did those sites? Any of them includes sites that had their HTML cached. Did everything go to origin to get so everything time? No.

AA

Not everything so it depends. Some sites may have it configured to do pushes, despite the fact there are. Html pages may be cached at the edge. So if those 11 sites may have had HTML cached pages.

AC

It's possible some subset may have so so that would totally negate the advantage that push would give for those sites. Well,.

AA

Minimize well, theoretically, you should minimize the effectiveness of push in those cases, because we couldn't have the Idol Network right, great Thank, You.

U

Alan from Dell, Facebook, I guess I just wanted to say we have run the the slide, the blog post about, pushes, challenging and there's different implementations and browsers. It makes it hard it's not uniform amongst browsers how they implement it and it makes push challenging for us and particularly the way chrome works in how it does its push. Cache is incompatible with the way we want to operate things and we're not able to really push effective to Chrome.

U

So you know I think that maybe one reason why, from the chrome side you have one perspective and then from the CDN side, you may see something else: they're seeing other browsers that have different.

U

Different implementations on push Eric, Nygren I'm question for Brad I. Think one thing that might be interesting to do is also look at if there's a way to filter that by thing by cases where the push is happening in the server sink time. So, for example, cases where all the pushes that are coming in are coming in before you actually start with receiving the response for the base object.

U

That was requested because some of this might it might be that that one of the side effects here is is, if you have other stuff you can send. You should never push, and maybe that's useful guidance, and it might be interesting to see if we can of decouple the these cases of pushes pushes useful. If you have nothing else to send yet because you still doing something on the server side from the the people really badly misusing it by pushing stuff when they really should be sending something else. Instead,.

AB

That's a good point.

K

Mike we shop I, will also observe that both of you are collecting data off of Chrome and off of particular sites. So that's a good place to try and figure out where and where your methodology is diverging, because you have divergent results and I'm wondering if well one thing I observe is you did all navigations and you have only first navigations.

K

So that's going to impact things, a lot I think and Chrome's numbers would probably improve if we had cache digests because of that and I'm also wondering if it might be useful to pick a set of sites and do a joint experiment from both sides and see if numbers are still divergent and if so, why we had a hallway.

AB

Conversation along those lines.

A

Well, thank you. Both that was really interesting. I think we want to encourage more data like that, as we go on that. That's really good! Thank you right before we go to things real, quick one, we're having a session the barbed off next door in about five minutes for SRV and HTP. If you're interested in that and to where the blue sheets does anyone know where the blue sheets are there's one, and this is another one floating around there somewhere, okay! Well, hopefully, we'll find it. Oh. Thank you great all right.

A

Thank you all very much and we have another session tomorrow see you then thank you.

B

B

S

B

B