I'm seeking guidance. It might be that this is a job for lwig, or perhaps
there is already a document which details how to do the profiling I care
about. If so, please point me at that.
In ANIMA's BRSKI protocol, which is based upon RFC7030 EST, we run over HTTP
1.1 today using a single TCP connection.
It's HTTP over TLS ("HTTPS") [h2c?] rather than an upgrade.
In BRSKI there are state issues with both the TLS and the HTTP process.
The TLS server certificate is not trusted by the client until after at least
one RESTful interaction occurs. Only once that has occured is the connection
considered secure.
We are concerned about how the protocol could become broken if used with
HTTP2 with interleaving of requests/responses. With HTTP (port-80)
transactions, using the RFC7540 section 3.2 upgrade, one could just decline
to ever do the upgrade and be done. With HTTPS, this is negotiated in
the TLS connection, so one can go to HTTP2 directly, I think.
While limiting ourselves to HTTP/1.1 might be a good policy, I worry that
at some point in 10 years, the HTTP/1.1 code might be in the library only to
support our use case, with the application code on the device having moved on
to HTTP2 only.
What I think we are looking for is a set of things we can specify that
will make HTTP2 as deterministic (and slow!) as HTTP/1.1. For instance,
I think that
SETTINGS_MAX_CONCURRENT_STREAMS = 1
would do 90% of it. Should we turn off PUSH?
Can/should we recommend lower values for window sizes, etc?
(ANIMA end points are not constrained in the IoT/RFC7228 sense, but rather
are control plane CPUs, with megabytes of ram, often partitioned at boot
time. But, ANIMA BRSKI may also applies to Web connected devices like the
baby monitors that have wreaked havoc.)
--
Michael Richardson <mcr+IETF@xxxxxxxxxxxx>, Sandelman Software Works
-= IPv6 IoT consulting =-
Attachment:
signature.asc
Description: PGP signature