[apps-discuss] For consideration as an appsawg document: draft-hoffman-server-has-tls-03.txt

Paul Hoffman <paul.hoffman@vpnc.org> Mon, 17 January 2011 02:39 UTC

Message-ID: <4D33AC5F.3010609@vpnc.org>
Date: Sun, 16 Jan 2011 18:41:35 -0800
From: Paul Hoffman <paul.hoffman@vpnc.org>
To: apps-discuss@ietf.org

Greetings again. I would like this WG to consider adopting the following 
draft as a WG item. It is definitely apps-related, and there is no other 
appropriate WG in the Applications or Security areas for it. It has been 
discussed in the websec WG, but that WG is limited to HTTP only (and 
this document covers TLS for all application protocols).

FWIW, some of the topics in this draft are quite open for active 
discussion. The discussion in websec brought up some interesting issues, 
but they got discussed in the HTTP context only, and this WG would be a 
better place to discuss them for all server protocols.

--Paul Hoffman

A New Internet-Draft is available from the on-line Internet-Drafts 

	Title           : Specifying That a Server Supports TLS
	Author(s)       : P. Hoffman
	Filename        : draft-hoffman-server-has-tls-03.txt
	Pages           : 8
	Date            : 2011-01-16

A server that hosts applications that can be run with or without TLS
may want to communicate with clients whether the server is hosting an
application only using TLS or also hosting the application without
TLS.  Many clients have a policy to try to set up a TLS session but
fall back to insecure if the TLS session cannot be set up.  If the
server can securely communicate whether or not it can fall back to
insecure, that tells such a client whether or not they should even
try to set up an insecure session with the server.  This document describes
the use cases for this type of communication and a secure method for
communicating that information.

A URL for this Internet-Draft is:
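The abstract above describes the client policy the draft is aimed at: try TLS, and fall back to an insecure session only when the server has not securely told the client it is TLS-only. The following added example (my own, not code from the draft or from Paul Hoffman) models that policy with a simulated server so the two client behaviours can be compared side by side. The draft's actual signalling mechanism is not on this page, so the `server_is_tls_only` argument is an assumption standing in for whatever securely obtained statement the draft defines; `SimulatedServer` and the `Outcome` enum are constructed for the example.

```python
"""Client-side policy from the draft abstract, modelled on a simulated server.

The 'server_is_tls_only' value stands in for a securely obtained statement
about the server (how it is obtained is an assumption here, not the draft's
mechanism). Everything else is constructed for this example.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Outcome(Enum):
    TLS = "tls"              # TLS session established
    CLEARTEXT = "cleartext"  # client fell back to an insecure session
    REFUSED = "refused"      # client declined to connect at all


@dataclass
class SimulatedServer:
    """Constructed stand-in for what the client observes on the wire."""
    supports_tls: bool          # the real server offers the protocol over TLS
    supports_cleartext: bool    # something answers in cleartext on the port
    tls_reachable: bool = True  # False models a handshake that cannot complete


def try_tls(server: SimulatedServer) -> bool:
    # A real client would run the handshake here; the simulation succeeds only
    # when the server offers TLS and nothing on the path prevents completion.
    return server.supports_tls and server.tls_reachable


def try_cleartext(server: SimulatedServer) -> bool:
    # Whatever answers in cleartext is accepted: the client cannot tell the
    # genuine server from anything else at this point.
    return server.supports_cleartext


def connect(server: SimulatedServer, server_is_tls_only: Optional[bool]) -> Outcome:
    """Decide how to connect.

    server_is_tls_only is True or False when the client holds a securely
    obtained statement about the server, None when it has no information
    (the classic try-TLS-then-fall-back client).
    """
    if try_tls(server):
        return Outcome.TLS
    if server_is_tls_only:
        # The client knows the server only speaks TLS; a failed handshake is
        # a reason to stop, not a reason to try cleartext.
        return Outcome.REFUSED
    if try_cleartext(server):
        return Outcome.CLEARTEXT
    return Outcome.REFUSED


def compare_policies(server: SimulatedServer) -> dict:
    """Outcome for the same observed server under each level of knowledge."""
    return {
        "no_information": connect(server, None),
        "known_tls_only": connect(server, True),
        "known_also_cleartext": connect(server, False),
    }


if __name__ == "__main__":
    # TLS-only server whose handshake is not completing; cleartext still answers.
    blocked = SimulatedServer(supports_tls=True, supports_cleartext=True,
                              tls_reachable=False)
    for policy, outcome in compare_policies(blocked).items():
        print(f"{policy:22s} -> {outcome.value}")
```

The interesting row is the server that normally speaks TLS but whose handshake does not complete: the client with no information falls back to cleartext, the client holding a "TLS-only" statement refuses, and the client told the server also offers cleartext falls back because that is a legitimate configuration rather than a downgrade.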