Re: [Dots] TLS ALPN extension

Benjamin Kaduk <kaduk@mit.edu> Wed, 23 May 2018 00:35 UTC

Date: Tue, 22 May 2018 19:34:52 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
To: mohamed.boucadair@orange.com
Cc: Jon Shallow <supjps-ietf@jpshallow.com>, "dots@ietf.org" <dots@ietf.org>
Message-ID: <20180523003451.GG10597@kduck.kaduk.org>
References: <13d301d3f0d8$f66f7c60$e34e7520$@jpshallow.com> <787AE7BB302AE849A7480A190F8B93302DF1E28F@OPEXCLILMA3.corporate.adroot.infra.ftgroup>
In-Reply-To: <787AE7BB302AE849A7480A190F8B93302DF1E28F@OPEXCLILMA3.corporate.adroot.infra.ftgroup>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/gSCyglNh8jmP8WmLhs1DJsdT9Q8>
Subject: Re: [Dots] TLS ALPN extension

The dedicated port number is only somewhat relevant, I think -- the
main question is whether the coaps+tcp URI scheme is in use.  The
RFC 8323 requirements only come into play for that URI scheme.

-Ben

On Tue, May 22, 2018 at 07:54:39AM +0000, mohamed.boucadair@orange.com wrote:
> Re-,
> 
> Do we need this given that DOTS is using a dedicated port number?
> 
> Cheers,
> Med
> 
> From: Dots [mailto:dots-bounces@ietf.org] On behalf of Jon Shallow
> Sent: Monday, 21 May 2018 09:55
> To: dots@ietf.org
> Subject: [Dots] TLS ALPN extension
> 
> Hi there,
> 
> As per RFC 8323: 8.2.  coaps+tcp URI Scheme
> 
> ....
> 
>    o  If a TLS server does not support the Application-Layer Protocol
>       Negotiation (ALPN) extension [RFC7301] or wishes to accommodate
>       TLS clients that do not support ALPN, it MAY offer a coaps+tcp
>       endpoint on TCP port 5684.  This endpoint MAY also be ALPN
>       enabled.  A TLS server MAY offer coaps+tcp endpoints on ports
>       other than TCP port 5684, which MUST be ALPN enabled.
> 
>    o  For TCP ports other than port 5684, the TLS client MUST use the
>       ALPN extension to advertise the "coap" protocol identifier (see
>       Section 11.7) in the list of protocols in its ClientHello.  If the
>       TCP server selects and returns the "coap" protocol identifier
>       using the ALPN extension in its ServerHello, then the connection
>       succeeds.  If the TLS server either does not negotiate the ALPN
>       extension or returns a no_application_protocol alert, the TLS
>       client MUST close the connection.
> 
> Do we need to refer to the requirement for ALPN as we are not hosting on port 5684?
> 
> Regards
> 
> Jon

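Added illustration (editor's example, not code from this thread, from the DOTS drafts or from any CoAP implementation) of the two points above: the RFC 8323 section 8.2 client obligations Jon quoted, and Ben's observation that they attach to the coaps+tcp URI scheme rather than to a port number. Port 5684 and the "coap" ALPN identifier come from the quoted text; the host names, the port 7777, the function names and the CA-file parameter are assumptions for the example. It uses the standard-library ssl module's ALPN support (set_alpn_protocols, selected_alpn_protocol).

```python
# Added example (not from this thread or any DOTS/CoAP implementation):
# client-side handling of the RFC 8323 section 8.2 ALPN rule for coaps+tcp.
import socket
import ssl
from typing import Optional
from urllib.parse import urlsplit

COAPS_TCP_DEFAULT_PORT = 5684  # the one port where an ALPN-less endpoint MAY be offered
COAP_ALPN_ID = "coap"          # ALPN protocol identifier from RFC 8323 section 11.7


def alpn_required(uri: str) -> bool:
    """Return True when RFC 8323 obliges the client to negotiate ALPN for this URI.

    The rule is scoped to the coaps+tcp URI scheme and, within it, to TCP ports
    other than 5684.  Any other scheme (coaps over DTLS, coap, ...) is out of scope.
    """
    parts = urlsplit(uri)
    if parts.scheme != "coaps+tcp":
        return False
    port = parts.port if parts.port is not None else COAPS_TCP_DEFAULT_PORT
    return port != COAPS_TCP_DEFAULT_PORT


def connection_allowed(uri: str, selected_protocol: Optional[str]) -> bool:
    """Decide whether a completed TLS handshake may carry CoAP for this URI.

    selected_protocol is what ssl.SSLSocket.selected_alpn_protocol() reports:
    the identifier the server returned in its ServerHello, or None when the
    server did not negotiate ALPN at all.  A no_application_protocol alert never
    reaches this function, because the TLS library raises ssl.SSLError during
    the handshake and the connection is already gone.
    """
    if alpn_required(uri):
        # Non-5684 port: the server MUST have selected "coap", else the client MUST close.
        return selected_protocol == COAP_ALPN_ID
    # Port 5684 (or a URI the rule does not cover): ALPN is optional.  Since we only
    # ever offer "coap", the server can only have echoed it or left ALPN out.
    return selected_protocol in (None, COAP_ALPN_ID)


def make_client_context(cafile: Optional[str] = None) -> ssl.SSLContext:
    """TLS client context that advertises "coap" in the ClientHello ALPN list."""
    ctx = ssl.create_default_context(cafile=cafile)  # verifies the server certificate
    ctx.set_alpn_protocols([COAP_ALPN_ID])
    return ctx


def open_coaps_tcp(uri: str, cafile: Optional[str] = None, timeout: float = 5.0) -> ssl.SSLSocket:
    """Connect to a coaps+tcp URI and enforce the section 8.2 client obligations.

    Host, port and CA file are whatever the caller supplies (assumed values in
    the example); nothing here is DOTS-specific.  Raises ConnectionError when
    the server fails the ALPN check on a non-5684 port.
    """
    parts = urlsplit(uri)
    if parts.scheme != "coaps+tcp" or not parts.hostname:
        raise ValueError(f"not a coaps+tcp URI with a host: {uri!r}")
    host = parts.hostname
    port = parts.port if parts.port is not None else COAPS_TCP_DEFAULT_PORT

    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        tls = make_client_context(cafile).wrap_socket(raw, server_hostname=host)
    except ssl.SSLError:
        raw.close()  # covers no_application_protocol and any other handshake failure
        raise

    selected = tls.selected_alpn_protocol()
    if not connection_allowed(uri, selected):
        tls.close()  # "the TLS client MUST close the connection"
        raise ConnectionError(
            f"{host}:{port} did not negotiate ALPN {COAP_ALPN_ID!r} (got {selected!r}); "
            "RFC 8323 section 8.2 requires closing on a non-5684 port"
        )
    return tls


if __name__ == "__main__":
    # Decision table only, no network access; URIs and outcomes below are constructed.
    for uri, got in [("coaps+tcp://dots.example:7777/", None),
                     ("coaps+tcp://dots.example:7777/", "coap"),
                     ("coaps+tcp://dots.example/", None),
                     ("coaps://dots.example:7777/", None)]:
        print(uri, got, "->", "keep" if connection_allowed(uri, got) else "close")
```

The split into alpn_required and connection_allowed is deliberate: the first encodes Ben's scoping point (scheme first, then port), the second the MUST-close rule, so a DOTS client that is told its server lives on some non-5684 port can see at a glance which obligation applies before it ever opens a socket.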