Brian,
{I have been on the httpbis list, but I'm not right now, and I know that
w3 and IETF do not share their whitelists, so this might not work}I was thinking about something-something-certificate yesterday while cleaning/swimming my pool. (A long thankless task, as the pool is not heated, we've been getting very a-seasonal *snow*, and nobody in my family but me will swim in it until it's "perfect". Also we have many many trees, which we won't cut down. You can see how my mind might wander) [This discussion would be better done with beer and napkins.] So I am thinking that we need to create a "digital twin" in the back-end server for the front-end TLS state machine. It needs to reflect the current state at a level of detail appropriate for the application. Thus, a single header isn't enough, although there could be some degeneration that results in a single header. We need a few variables to update. I think we have a choice between: 1) sending the state (possibly a few kb) on every transaction, which keeps the protocol stateless. We could explore ways to encode it: CDDL+CBOR seems like a good thing. TLS structures are another obvious choice, but that's a detail. 2) assuming that state will be maintained by both ends, and simply updating the state appropriately. When it comes to this, I think of the HTTP PATCH methods, but I'm not sure I mean this literally. It's the model of having a few objects per-connection that the TLS front-end might update on the backend, and making the management of the TLS connections explicit. Alternately, the TLS front-end could maintain a RESTful interface on a per-connection basis that the back-end could interrogate. The header would just provide the right reference to that. The RESTful interface could even be pushed/updated into some other CPU on the TLS terminator. This is cleaner, but this has read-latency round trip issues, while pushing the state out on each HTTP request (or uwsgi, fastcgi, ...) seems a lot more pipelined. Or MQTT :-) To this, I think we'd have to look at the RFC8446 Appendix A.2 state machine and figure out how to express this. I don't really see re-auth in that diagram. Maybe I'm overthinking here, but given the opportunities in TLS 1.2 and 1.3 for newer states, and the review from TLS experts on the header, this might be cleaner and less of a hack to get the additional things in. This data model mechanism also better accomodates the split between those who need the entire certificate chain (w/ and w/o trust anchor used), and those that just care about the EE involved. --- I don't know, in a HTTP/3(QUIC) world, what the TLS front-end/backend connection looks like. I haven't entered such a world personally. TLS front-end systems *are* collecting/storing state on a per-client connection basis, whether the transport is QUIC or not. I don't think it scales well to try to spread that state across load balancers, you want to split the traffic before the TLS terminators in order to horizontally scale them. A thought that I have is that with a move to HTTP/3, that the need for something-something-certificate declines. A model that I could see in such a situation is that since the bulk of the transport is via QUIC, it could be that it makes less sense to have TLS hardware terminators; by careful use of port numbers to demux upon, and/or IPv6 addresses, it might be easier to load balance directly to application servers, and just horizontally scale them wider. The hardware TLS offload box then is only important for adapting HTTP 1 and HTTP/2 connections to HTTP/3. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works | IoT architect [ ] m...@sandelman.ca http://www.sandelman.ca/ | ruby on rails [ -- Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works -= IPv6 IoT consulting =-
signature.asc
Description: PGP signature
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
