[lamps] Re: CMCbis: SECDIR & HTTP Directorate Reviews - Input Requested
Mike Ounsworth <ounsworth+ietf@gmail.com> Thu, 25 September 2025 15:22 UTC
Return-Path: <ounsworth@gmail.com>
X-Original-To: spasm@mail2.ietf.org
Delivered-To: spasm@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id AE60C68C1DCD for <spasm@mail2.ietf.org>; Thu, 25 Sep 2025 08:22:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 40yZZRo-AI6F for <spasm@mail2.ietf.org>; Thu, 25 Sep 2025 08:22:15 -0700 (PDT)
Received: from mail-il1-x12d.google.com (mail-il1-x12d.google.com [IPv6:2607:f8b0:4864:20::12d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 2A0AC68C1DC2 for <spasm@ietf.org>; Thu, 25 Sep 2025 08:22:15 -0700 (PDT)
Received: by mail-il1-x12d.google.com with SMTP id e9e14a558f8ab-4248c9a64f7so6041645ab.0 for <spasm@ietf.org>; Thu, 25 Sep 2025 08:22:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1758813728; x=1759418528; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=9B/GwazbV9c+nczpEYVkV6pSZoHhLVIBZ3a+nvEbMnA=; b=UDiYb9A43WYVfJMXhdozHoOPxP1tqyLFRy3dr37BsDjvHB7ihXznTZz7tRFYaV3ZaO KNWtp4Ul8ylsLMMDPOud5ZNVTZU5VNPYOi0+VQ6T3OutXkRYwTA4IT0EsYKxfFMhg4Up n65h7PTFKtLjOPUwDm0GuNbkuxyGCwdYY7hUEmOerj8ddZpDSvwpU05PYPI6KSVCjaQj qgmCsMzS2oTMN/PNlMeyenCuMkBy043ZmYV03aCyGd62cCTJxHst6Lx7K0sixuCdqXy4 l0Wg5HG6sNHTp5ywODRZZqMVuGx9bvJqpcMzNpndBbsbi4yW/G/G+KguOMdUuDMUrxPO VsRQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1758813728; x=1759418528; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=9B/GwazbV9c+nczpEYVkV6pSZoHhLVIBZ3a+nvEbMnA=; b=j5gA7F4AmwBzQHY2EyO690w3TPq7H3qoV7EXMTDlBGLn7SRppnrps1MVu1MPtFCYxD meNdxSHrUMIkpMhsV2lBqCJ9ZB7dazfqdZF9yHmIxFwX9A8zVTITgPtFaMhXR91p7yl8 3FUd/6HU6S0IvC18MlBnQ3R37y9wkThSRZdN5pnLP/pQiI1m7q9o3ZjxUtYV8fE71WCv 7OvXLzr0hFEIsoLqAHhdcbo4mwuVJ4hsbmBa185hyVDfwAvQueik9Sv7MKU8c7lGY1/8 xenpVTgGo634zZ/td05DDA4vWfE35P/VVRogpvlvD/Ro+WAvYlqn2CarL3s3hynXkms5 0uUA==
X-Gm-Message-State: AOJu0YzLxmJtSCsd4S5AguCvqzkr28OYyKp7fzoMH0H8+YlhGnuvdHql Gwkx1G7WkMYdAXTJSaUdzZLEU4EF3H8yRkLEWwYQwn0HRlki3MbKfSUffiiRClmrdSglsC2n42f bY8Ii2jAkbl2ykYX0i1r2Cu+22oGxknjfuQ==
X-Gm-Gg: ASbGncsUVP4XEGm4P+NP/I1GPQxQQfuhHo2ydueCfWjM272UcnqbYge5yWmINwu0cZ3 PqNUNvSwxheWRSBt2WRP9qV2SSwu80VOhZa2I6u19ZuMCokJVZMoyNf3rAGgsFn7SDEltkehIgo RFmVhoTAOd7s6+xrwRDctKe6JuV+dx0/4dtq1V61AkAYrfBOrTYSntM+DeIBUKkjYUSKJun9tbH e8pL7ijQg==
X-Google-Smtp-Source: AGHT+IFDIGomPJu44Sed8IlLZEYeyCs+wxEdYEbc/47hKMJg3b3K79lAiXnebybao2hk4JuItHxlYdtDr0C61/tExvs=
X-Received: by 2002:a05:6e02:480e:b0:423:fd65:fefa with SMTP id e9e14a558f8ab-425c19aed36mr37228815ab.6.1758813727649; Thu, 25 Sep 2025 08:22:07 -0700 (PDT)
MIME-Version: 1.0
References: <14E7F2CB-2115-486F-BA37-07F14073D212@sn3rd.com> <CAKZgXHoRW0PHWM9vnLXo+NFx_U3VJq6cLyNrxy9Krpd1cdtR_Q@mail.gmail.com> <ME0P300MB07135566E6148862E06400DAEE1CA@ME0P300MB0713.AUSP300.PROD.OUTLOOK.COM> <CH0PR11MB5739B9A09FB7265E5F0F64EA9F1CA@CH0PR11MB5739.namprd11.prod.outlook.com> <ME0P300MB07133AF9BFE0BB8B7AE30EC1EE1CA@ME0P300MB0713.AUSP300.PROD.OUTLOOK.COM> <CH0PR11MB5739C563D79CEF48ADD8D99E9F1CA@CH0PR11MB5739.namprd11.prod.outlook.com> <89DB1F5D-8632-4B46-A955-796DEB15DBAF@sn3rd.com>
In-Reply-To: <89DB1F5D-8632-4B46-A955-796DEB15DBAF@sn3rd.com>
From: Mike Ounsworth <ounsworth+ietf@gmail.com>
Date: Thu, 25 Sep 2025 10:21:54 -0500
X-Gm-Features: AS18NWDp72HjmFTlcvklJ5Di-NpX1Qm0Rz4XG8AZzVrQZZo7s5N4Na1uoxGByxo
Message-ID: <CAKZgXHoJMSf=dRBcnB=2wn41TE4RpvtwhMxKdhgsm5DDgUrRLg@mail.gmail.com>
To: Sean Turner <sean@sn3rd.com>
Content-Type: multipart/alternative; boundary="0000000000007672fb063fa1bb9c"
Message-ID-Hash: XFG4RUUQ5WX6GL3EKJVHRVUAUMQMSNRD
X-Message-ID-Hash: XFG4RUUQ5WX6GL3EKJVHRVUAUMQMSNRD
X-MailFrom: ounsworth@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-spasm.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: LAMPS <spasm@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [lamps] Re: CMCbis: SECDIR & HTTP Directorate Reviews - Input Requested
List-Id: This is the mail list for the LAMPS Working Group <spasm.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/zeLHayhjzOkdD_KPRaIRH-dZEDE>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Owner: <mailto:spasm-owner@ietf.org>
List-Post: <mailto:spasm@ietf.org>
List-Subscribe: <mailto:spasm-join@ietf.org>
List-Unsubscribe: <mailto:spasm-leave@ietf.org>
Sean, That all sounds reasonable to me. On Thu, 25 Sept 2025 at 10:09, Sean Turner <sean@sn3rd.com> wrote: > Hi! Jumping up to the top of this thread to address #2. > > tl;dr: I think what’s in the draft (via PRs [0]) will thread these needles > (and the Directorate review needle). > > TLS is still not required, we don’t pick an HTTP version, and without > 2119-language say consult RFC 9205 (Building Protocols with HTTP). If you > do need protections from eavesdropping TLS is there - also no > 2119-language. We (kind of cheat) on the HTTP version by referring to RFC > 9110; RFC 9110 then refers to the HTTP/1.1, HTTP/2, and HTTP/3. If you > choose to use TLS or if you pick an HTTP version (or implementation) that > includes TLS or QUIC, then you need to follow BCP 195; if you’re using TLS > 1.3/QUIC, don’t use 0-RTT, because POST is not idempotent. AND, the last > bullet is a bit of waiver (no 2119-language) that says POST is what is used > so only the rules that apply to POST are relevant. > > spt > > [0] https://github.com/lamps-wg/cmcbis/pulls > > On Sep 24, 2025, at 09:19, Mike Ounsworth <Mike.Ounsworth@entrust.com> > wrote: > > Peter, > > I think we're not going to agree. > > I think "Does it need HTTP/2.0" is not the right way to look at it, but > rather "Is there a good reason to restrict this to 1999 technology when the > modern web is better optimized over more modern transport protocols?" > > Anyway, we've both said our piece. I'm going to let this thread lie. > > --- > > *Mike* Ounsworth > > ------------------------------ > *From:* Peter Gutmann <pgut001=40cs.auckland.ac.nz@dmarc.ietf.org> > *Sent:* Wednesday, September 24, 2025 8:01 AM > *To:* Mike Ounsworth <Mike.Ounsworth=40entrust.com@dmarc.ietf.org>; Mike > Ounsworth <ounsworth+ietf@gmail.com>; Sean Turner <sean@sn3rd.com> > *Cc:* LAMPS <spasm@ietf.org> > *Subject:* [EXTERNAL] [lamps] Re: CMCbis: SECDIR & HTTP Directorate > Reviews - Input Requested > > > Mike Ounsworth <Mike.Ounsworth=40entrust.com@dmarc.ietf.org> writes: > > >I think it's fair to say that everybody implementing this standard MUST > >support, at a minimum, HTTP/1.1, but I don't see any good reason to forbid > >versions of HTTP newer than 1999 (RFC2616). > > The problem is that if you don't make noises about not using HTTP/2 then the > near-universal response I've seen is "2 is bigger than 1, therefore we want 2" > without having any idea why they want 2. I'd be happy with something saying > that /1 is the universal substrate so implementations should use /1, and if > they want /2 then be very clear why they actually need /2. > > It's possible to construct artificial scenarios where you need to use /2 or /3 > or /42, but if the spec allows /2 then users will ask for /2 whether it makes > any sense or not, and whether it's possible to give them /2 or not, purely > because 2 > 1. > > Peter. > _______________________________________________ > Spasm mailing list -- spasm@ietf.org > To unsubscribe send an email to spasm-leave@ietf.org > > *Any email and files/attachments transmitted with it are intended solely > for the use of the individual or entity to whom they are addressed. If this > message has been sent to you in error, you must not copy, distribute or > disclose of the information it contains.Please notify Entrust immediately > and delete the message from your system.* > > > _______________________________________________ > Spasm mailing list -- spasm@ietf.org > To unsubscribe send an email to spasm-leave@ietf.org >
- [lamps] CMCbis: SECDIR & HTTP Directorate Reviews… Sean Turner
- [lamps] Re: CMCbis: SECDIR & HTTP Directorate Rev… Mike Ounsworth
- [lamps] Re: CMCbis: SECDIR & HTTP Directorate Rev… Mike Ounsworth
- [lamps] Re: CMCbis: SECDIR & HTTP Directorate Rev… Peter Gutmann
- [lamps] Re: CMCbis: SECDIR & HTTP Directorate Rev… Peter Gutmann
- [lamps] Re: CMCbis: SECDIR & HTTP Directorate Rev… Salz, Rich
- [lamps] Re: CMCbis: SECDIR & HTTP Directorate Rev… Mike Ounsworth
- [lamps] Re: CMCbis: SECDIR & HTTP Directorate Rev… Sean Turner
- [lamps] Re: CMCbis: SECDIR & HTTP Directorate Rev… Mike Ounsworth
- [lamps] Re: CMCbis: SECDIR & HTTP Directorate Rev… Sean Turner