[lamps] Re: CMCbis: SECDIR & HTTP Directorate Reviews - Input Requested

Mike Ounsworth <Mike.Ounsworth@entrust.com> Wed, 24 September 2025 12:52 UTC

From: Mike Ounsworth <Mike.Ounsworth@entrust.com>
To: Peter Gutmann <pgut001=40cs.auckland.ac.nz@dmarc.ietf.org>, Mike Ounsworth <ounsworth+ietf@gmail.com>, Sean Turner <sean@sn3rd.com>
Date: Wed, 24 Sep 2025 12:52:38 +0000
CC: LAMPS <spasm@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/z78HY3G49kqaIPgy6U6OA8fTtHc>

Hi Peter,

I respectfully disagree.

This is an issue of "MUST support" vs "MUST only support" vs "MAY additionally support".

Let's say you deploy your PKI service in a public cloud where it sits behind some massively multi-tenant public HTTP proxy. And say the PKI client is running on top of the http module from the latest version of Python. Then it's plausible that both client and server would prefer to do HTTP/3 over QUIC (or whatever the latest and greatest web transport is) — likely in fact if that client and server have been doing a lengthy back-and-forth of which the CMC payload is just one part. Why is it to anybody's advantage to force them to open a new TCP and TLS session on HTTP/1.1 just to carry that one CMC payload?

There are some protocols where the payload is intricately tied to the transport — ex.: how you parse the payload changes based on the HTTP headers, or security of your payload depends on a signature carried in a standardized HTTP header. Then it becomes important for correctness and security to lock the version of the payload to the version of the transport because the syntax and semantics of the transport could change over time. But I don't think that's the case here; my understanding is that the CMC DER payload is self-contained, so I don't think CMC *really* cares how it is transported (HTTP 1.1, HTTP 3.0/QUIC, floppy disk, ticker tape wrapped around a carrier pigeon — correct me if I'm wrong Sean or Joe).

I think it's fair to say that everybody implementing this standard MUST support, at a minimum, HTTP/1.1, but I don't see any good reason to forbid versions of HTTP newer than 1999 (RFC2616).

---

Mike Ounsworth



________________________________
From: Peter Gutmann <pgut001=40cs.auckland.ac.nz@dmarc.ietf.org>
Sent: Wednesday, September 24, 2025 6:40 AM
To: Mike Ounsworth <ounsworth+ietf@gmail.com>; Sean Turner <sean@sn3rd.com>
Cc: LAMPS <spasm@ietf.org>
Subject: [EXTERNAL] [lamps] Re: CMCbis: SECDIR & HTTP Directorate Reviews - Input Requested

Mike Ounsworth <ounsworth+ietf@gmail.com> writes:

>we ran into similar HTTPdir comments with the recent CMP-over-HTTP (RFC9811),
>we decided there that we actually don't care one bit whether you want to do
>this over HTTP 1.1, HTTP 2.0 or some future HTTP 4.8.

Ugh, no, it should be HTTP 1.1 and no other.  PKI protocols use HTTP as a
substrate, not as a means of downloading YouTube videos, so shouldn't be
required to implement the huge complexity (and attack surface) of HTTP/2 just
to be able to get a certificate from A to B.  This was explicitly stated
during the HTTP/2 standardisation process when someone asked for support for
HTTP/2 as a substrate for non-web use and the WG response was "let them eat
HTTP/1".

Peter.