httpbis                                                       C. A. Wood
Internet-Draft                                                Cloudflare
Intended status: Standards Track                            7 March 2022
Expires: 8 September 2022


        HTTP Connection Reuse Based on TLS Encrypted ClientHello
                  draft-wood-httpbis-ech-coalescing-00

Abstract

   This document specifies new criteria under which HTTP/2 clients may
   reuse connections.  It updates [RFC7540].

Discussion Venues

   This note is to be removed before publishing as an RFC.

   Source for this draft and an issue tracker can be found at
   https://github.com/chris-wood/draft-wood-httpbis-ech-coalescing.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 8 September 2022.

Copyright Notice

   Copyright (c) 2022 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents (https://trustee.ietf.org/
   license-info) in effect on the date of publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.  Code Components



Wood                    Expires 8 September 2022                [Page 1]


Internet-Draft       ECH-Based HTTP Connection Reuse          March 2022


   extracted from this document must include Revised BSD License text as
   described in Section 4.e of the Trust Legal Provisions and are
   provided without warranty as described in the Revised BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Conventions and Definitions . . . . . . . . . . . . . . . . .   3
   3.  ECH-Based Coalescing Policy . . . . . . . . . . . . . . . . .   3
   4.  HTTP/3 Reuse  . . . . . . . . . . . . . . . . . . . . . . . .   3
   5.  Security Considerations . . . . . . . . . . . . . . . . . . .   4
   6.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   4
   7.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   4
     7.1.  Normative References  . . . . . . . . . . . . . . . . . .   4
     7.2.  Informative References  . . . . . . . . . . . . . . . . .   4
   Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . .   5
   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .   5

1.  Introduction

   The HTTP/2 connection reuse policy requires is stated as follows:

   Connections that are made to an origin server, either directly or
   through a tunnel created using the CONNECT method (Section 8.3), MAY
   be reused for requests with multiple different URI authority
   components.  A connection can be reused as long as the origin server
   is authoritative (Section 10.1).  For TCP connections without TLS,
   this depends on the host having resolved to the same IP address.

   For "https" resources, connection reuse additionally depends on
   having a certificate that is valid for the host in the URI.  The
   certificate presented by the server MUST satisfy any checks that the
   client would perform when forming a new TLS connection for the host
   in the URI.

   Thus, HTTPS connections require that the target resource hostname
   resolve to an IP address that matches that of the candidate
   connection for coalescing.  This IP address match ensures that
   clients connect to the same service.  If a server changes IP
   addresses as a means of mitigating hostname-to-IP bindings, clients
   are less likely to reuse connections.  This can have performance
   problems, due to requiring an extra connection setup phase, as well
   as privacy problems.

   In short, using unauthenticated IP addresses as a signal for
   connection reuse is fragile.  This document relaxes this requirement
   and introduces another signal based on HTTPS RR answer contents
   [HTTPS-RR].



Wood                    Expires 8 September 2022                [Page 2]


Internet-Draft       ECH-Based HTTP Connection Reuse          March 2022


2.  Conventions and Definitions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

3.  ECH-Based Coalescing Policy

   The HTTPS RR [HTTPS-RR] is a new resource record used for conveying
   service information about a HTTPS endpoint to clients.  Some of this
   information includes, for example, TLS Encrypted ClientHello (ECH)
   [TLS-ECH] public key material.  The set of hosts behind the same ECH
   client-facing service provider that share the same ECH and TLS
   configuration information is referred to as the anonymity set.
   Client-facing servers SHOULD deploy ECH in such a way so as to
   maximize the size of the anonymity set where possible.  This means
   client-facing servers should use the same ECH configuration
   (ECHConfig) for as many hosts as possible.

   This type of deployment model means that a given ECHConfig uniquely
   identifies a given service provider.  As a result, clients can use it
   as a signal to determine if a given resource is hosted by the same
   service provider.  Thus, the HTTP/2 connection reuse policy is
   modified to use this signal as follows:

      Connections that are made to an origin server, either directly or
      through a tunnel created using the CONNECT method (Section 8.3),
      MAY be reused for requests with multiple different URI authority
      components.  A connection can be reused as long as the origin
      server is authoritative (Section 10.1).  For TCP connections
      without TLS, this depends on the host having resolved to the same
      service provider.  Clients may implement this check in one of two
      ways: (1) by comparing for equality the resolved IP address to
      that of the original connection, or (2) by comparing for equality
      the "ech" SvcParamValue in the resolved HTTPS RR answer.  For the
      latter case, the original connection MUST have successfully used
      the "ech" parameter to negotiate TLS ECH.

4.  HTTP/3 Reuse

   The HTTP/3 connection reuse policy [HTTP3] does not require IP
   addresses to match.  However, as HTTP/3 is based on UDP, some clients
   may fall back to HTTP/2 over TCP in networks where UDP is blocked or
   otherwise inoperable.  Thus, the policy described in this document
   only applies to HTTP/2.




Wood                    Expires 8 September 2022                [Page 3]


Internet-Draft       ECH-Based HTTP Connection Reuse          March 2022


5.  Security Considerations

   Existing coalescing policies do not require IP address authentication
   via DNSSEC.  Thus, an adversary which can spoof A or AAAA responses
   can equally spoof HTTPS responses and ECHConfigList values.

6.  IANA Considerations

   This document has no IANA actions.

7.  References

7.1.  Normative References

   [HTTPS-RR] Schwartz, B., Bishop, M., and E. Nygren, "Service binding
              and parameter specification via the DNS (DNS SVCB and
              HTTPS RRs)", Work in Progress, Internet-Draft, draft-ietf-
              dnsop-svcb-https-08, 12 October 2021,
              <https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-
              svcb-https-08>.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <https://www.rfc-editor.org/rfc/rfc2119>.

   [RFC7540]  Belshe, M., Peon, R., and M. Thomson, Ed., "Hypertext
              Transfer Protocol Version 2 (HTTP/2)", RFC 7540,
              DOI 10.17487/RFC7540, May 2015,
              <https://www.rfc-editor.org/rfc/rfc7540>.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017, <https://www.rfc-editor.org/rfc/rfc8174>.

   [TLS-ECH]  Rescorla, E., Oku, K., Sullivan, N., and C. A. Wood, "TLS
              Encrypted Client Hello", Work in Progress, Internet-Draft,
              draft-ietf-tls-esni-14, 13 February 2022,
              <https://datatracker.ietf.org/doc/html/draft-ietf-tls-
              esni-14>.

7.2.  Informative References

   [HTTP3]    Bishop, M., "Hypertext Transfer Protocol Version 3
              (HTTP/3)", Work in Progress, Internet-Draft, draft-ietf-
              quic-http-34, 2 February 2021,
              <https://datatracker.ietf.org/doc/html/draft-ietf-quic-
              http-34>.



Wood                    Expires 8 September 2022                [Page 4]


Internet-Draft       ECH-Based HTTP Connection Reuse          March 2022


Acknowledgments

   This document was improved based on feedback from David Benjamin,
   Tommy Pauly, and Martin Thomson.

Author's Address

   Christopher A. Wood
   Cloudflare
   Email: caw@heapingbits.net









































Wood                    Expires 8 September 2022                [Page 5]