Using TLS 1.3 with HTTP/2
draft-ietf-httpbis-http2-tls13-03

[Ballot comment]
Thanks for this; I just have some minor nit-level comments; no response necessary.

Abstract

  This document updates HTTP/2 to prohibit TLS 1.3 post-handshake
  authentication, as an analog to existing TLS 1.2 renegotiation
  restriction.

nit: either "restrictions" or "the existing".

Section 1

  TLS 1.3 [RFC8446] updates TLS 1.2 to remove renegotiation in favor of
  separate post-handshake authentication and key update mechanisms.
  The former shares the same problems with multiplexed protocols, but
  the prohibition in HTTP/2 only applies to TLS 1.2 renegotiation.

nit: I'd suggest referring to a specific RFC rather than "HTTP/2" --
this document will in some sense become part of "HTTP/2" upon
publication :)

Section 3

  HTTP/2 servers MUST NOT send post-handshake TLS 1.3
  CertificateRequest messages.  HTTP/2 clients MUST treat TLS 1.3 post-
  handshake authentication as a connection error (see Section 5.4.1 of
  [RFC7540]) of type PROTOCOL_ERROR.

nit: is it the authentication or the request thereof that is the
connection error?

Section 4

  Unless the use of a new type of TLS message depends on an interaction
  with the application layer protocol, that TLS message can be sent
  after the handshake completes.

I don't see anything better to say than this, but ... will
draft-ietf-tls-exported-authenticator be considered to "depend on an
interaction with the application layer protocol"?
(Also, nit: hyphenate "application-layer".)

[Ballot comment]
Please update the Abstract to say something like:
"This document updates RFC 7540 by  forbidding  TLS 1.3 post-handshake authentication." or similar.

Also, thanks to Tianran for the OpsDir review.

(Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs:

The IANA Functions Operator has reviewed draft-ietf-httpbis-http2-tls13-02, which is currently in Last Call, and has the following comments:

We understand that this document doesn't require any registry actions.

While it's often helpful for a document's IANA Considerations section to remain in place upon publication even if there are no actions, if the authors strongly prefer to remove it, we do not object.

If this assessment is not accurate, please respond as soon as possible.

Thank you,

Sabrina Tanamal
Senior IANA Services Specialist

The following Last Call announcement was sent out (ends 2019-10-11):

From: The IESG
To: IETF-Announce
CC: httpbis-chairs@ietf.org, draft-ietf-httpbis-http2-tls13@ietf.org, Mark Nottingham , mnot@mnot.net, ietf-http-wg@w3.org, barryleiba@gmail.com
Reply-To: ietf@ietf.org
Sender:
Subject: Last Call:  (Using TLS 1.3 with HTTP/2) to Proposed Standard


The IESG has received a request from the Hypertext Transfer Protocol WG
(httpbis) to consider the following document: - 'Using TLS 1.3 with HTTP/2'
  as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2019-10-11. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the beginning of
the Subject line to allow automated sorting.

Abstract


  This document updates HTTP/2 to prohibit TLS 1.3 post-handshake
  authentication, as an analog to existing TLS 1.2 renegotiation
  restriction.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-httpbis-http2-tls13/

IESG discussion can be tracked via
https://datatracker.ietf.org/doc/draft-ietf-httpbis-http2-tls13/ballot/


No IPR declarations have been submitted directly on this I-D.

# Shepherd Writeup for draft-ietf-httpbis-http2-tls13

## 1. Summary

Mark Nottingham is the Document Shepherd; Barry Lieba is the responsible Area Director.0

This document updates HTTP/2 to prohibit TLS 1.3 post-handshake authentication, as an analog to
existing TLS 1.2 renegotiation restriction.

Its intended status is Proposed Standard.

## 2. Review and Consensus

This document was prepared when Working Group members noticed that the restrictions for post-handshake authentication in HTTP/2, which were designed with the constraints of TLS 1.2 in mind, no longer were necessary for TLS 1.3.

Therefore, this is a very short update to address that. It has wide support amongst the working group, including from implementers.

## 3. Intellectual Property

The author has confirmed that to their direct, personal knowledge, all IPR related to this document has already been disclosed, in conformance with BCPs 78 and 79.

## 4. Other Points

None.

# Shepherd Writeup for draft-ietf-httpbis-http2-tls13

## 1. Summary

Mark Nottingham is the Document Shepherd; Barry Lieba is the responsible Area Director.0

This document updates HTTP/2 to prohibit TLS 1.3 post-handshake authentication, as an analog to
existing TLS 1.2 renegotiation restriction.

Its intended status is Proposed Standard.

## 2. Review and Consensus

This document was prepared when Working Group members noticed that the restrictions for post-handshake authentication in HTTP/2, which were designed with the constraints of TLS 1.2 in mind, no longer were necessary for TLS 1.3.

Therefore, this is a very short update to address that. It has wide support amongst the working group, including from implementers.

## 3. Intellectual Property

The author has confirmed that to their direct, personal knowledge, all IPR related to this document has already been disclosed, in conformance with BCPs 78 and 79.

## 4. Other Points

None.