Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[connect-tcp] Discuss use of the Capsule Protocol #2847
[connect-tcp] Discuss use of the Capsule Protocol #2847
Changes from 2 commits
34ae1d6
71407cb
b4e6675
29f03cc
863fc1e
aeab5c1
f1c9783
d75aaae
File filter
Filter by extension
Conversations
Jump to
There are no files selected for viewing
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This latency cost is unfortunate, and could be avoided by making Capsule Protocol mandatory to implement for servers. However, that would increase the implementation complexity for a minimal compliant server, and should not be done lightly.
@DavidSchinazi @mnot
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, current design allows you to do various optimisations such calling splice (2) to avoid making copies to / from userspace, or pass the socket to some other process (with TLS being offloaded to the kernel). If we are to mandate the use of Caspules, those optimisations become impossible.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A middle ground would be to keep this text, and later define a way for servers to commit to supporting the Capsule Protocol. Note that the HTTPS record would likely not work for this commitment, because it must be fully authenticated.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I share the performance concerns. Something Ilthat came up when I talked about this with @DavidSchinazi is the possibility of having a $humongous data frame that extends to the end of the stream, so that endpoints can opt out of needing capsule framing if they don't believe they need to send any other capsules.
I havent thought exactly about how that works across intermediaries for the different use cases we discussed during the IETF 120 neeting
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@LPardue
I'm not sure if that solves the performance concerns; the approach provides a escape hatch for senders, but it does not provide a way for the receivers to stay out from the business of decoding Capsules.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Decoding capsules is pretty trivial. We're already decoding HTTP/3 frames and QUIC frames by the time we're reading this data stream.
That's not true when you're using HTTP/2 or HTTP/3, and there is no reason to optimize HTTP/1.1 at this point.
I really do care about allowing the client to send data with the request. And we can't do that without requiring capsule support on the server: we just need to say that any server implementing this specification MUST NOT read the data stream if it doesn't agree with the value of the Capsule-Protocol header sent by the client.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
OK, I've reworked this text to make that safe while keeping capsule support optional, based on your suggestion.
I have heard that HTTP/3->HTTP/1.1 conversion at a gateway is a common pattern, so the performance of HTTP/1.1 may be significant even if it is not heavily used over the open internet.