Re: New tunnel protocol

Martin Thomson <martin.thomson@gmail.com> Tue, 27 January 2015 01:18 UTC

In-Reply-To: <eme741a11a-727b-4413-96db-10718a191d6c@bodybag>
References: <CABkgnnVKtOZtBAZnHHZK_MFTdDcp_xH2tcm7KBAcR-N0eQq0ZQ@mail.gmail.com> <eme741a11a-727b-4413-96db-10718a191d6c@bodybag>
Date: Mon, 26 Jan 2015 17:14:46 -0800
Message-ID: <CABkgnnUivsiDJ-wx1fsdT6PSvMQZCSYE1CQn_fn3b1d=oe8_JA@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: Adrien de Croy <adrien@qbik.com>
Cc: Amos Jeffries <squid3@treenet.co.nz>, HTTP Working Group <ietf-http-wg@w3.org>
Archived-At: <http://www.w3.org/mid/CABkgnnUivsiDJ-wx1fsdT6PSvMQZCSYE1CQn_fn3b1d=oe8_JA@mail.gmail.com>

On 26 January 2015 at 17:02, Adrien de Croy <adrien@qbik.com> wrote:
> What I would rather do (at least at this stage) is initially trust the
> client's assertion, and break in other ways if they lied, e.g. if they say
> SMTP then pass it to SMTP analyzer, and if it happened to be something else,
> then the SMTP analyzer will complain that it's not SMTP.

Yep, I'd definitely do the same.  I'm guessing that anything that
isn't SMTP won't get very far.

> For the pathological case where you're tunnelling a secured protocol over an
> additional TLS tunnel, I don't know how you'd describe this in your draft,
> except by requiring people to get new ALPN ids registered for pop3 over TLS
> over TLS.

Yep.  pop3s, then pop3ss, then pop3sssssssssssssss if you like.

Something more generically decomposable invites a new set of issues.
Do you identify TCP?  Just because CONNECT uses TCP, that doesn't mean
you can't identify something in ALPN that doesn't (see
draft-ietf-rtcweb-alpn for example).

The rtcweb draft actually sealed this for me.  Would you really want to
identify that protocol, with all the branches: UDP, or TCP, or TURN
over either of those (both TURN-UDP and TURN-TCP variants), then a
mixture of SRTP, DTLS and ICE?  On top of DTLS, then there is SCTP
(with its UDP encapsulation), then on top of that there is a data
channel protocol, after which there is some other protocol (which we
do have an identifier for, but we don't trust that, and nor can we
really police it either, and it might start after the tunnel is
created).  In case you want the whole ugly story:
https://tools.ietf.org/html/draft-ietf-rtcweb-transports-07
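The "trust the client's assertion, then let the analyzer complain if they lied" approach from the exchange above, as an added example that is not part of the thread or of any proxy or draft it discusses. It models a proxy that records the protocol a client asserted for a CONNECT tunnel and compares it with the first message seen on the tunnel: known cleartext protocols are checked against their opening banner or request line, and a trailing `s` per TLS layer (pop3s, pop3ss, ...) is taken as the stacking convention the thread jokes about. The protocol names, that naming convention, the analyzer table and all sample bytes are assumptions made for this example; the banner formats follow RFC 5321, RFC 1939 and RFC 3501. The point it makes concrete is the one Martin raises: once the outer layer is TLS, the proxy can confirm that it is TLS and nothing more.

```python
"""Proxy-side 'trust but verify' check for a CONNECT tunnel's asserted protocol.

Added example, not code from the HTTP working group or from any proxy in the
thread. Token names, the 'one trailing s per TLS layer' convention and the
sample traffic below are assumptions made here.
"""
import re
from typing import Callable, Dict, Optional, Tuple

CONSISTENT = "consistent"      # first bytes match the assertion
INCONSISTENT = "inconsistent"  # the client's assertion is contradicted
OPAQUE = "opaque"              # cannot be policed at this layer (e.g. under TLS)

# (server_speaks_first, predicate on the first message) per base protocol.
# Banners per RFC 5321 (SMTP), RFC 1939 (POP3), RFC 3501 (IMAP); HTTP/1.1 is
# recognised by its request line. The token names themselves are assumed.
ANALYZERS: Dict[str, Tuple[bool, Callable[[bytes], bool]]] = {
    "smtp": (True, lambda d: re.match(rb"220[ -]", d) is not None),
    "pop3": (True, lambda d: d.startswith(b"+OK")),
    "imap": (True, lambda d: d.startswith(b"* OK")),
    "http/1.1": (False, lambda d: re.match(rb"[A-Z]+ \S+ HTTP/1\.1\r\n", d) is not None),
}


def looks_like_tls_client_hello(data: bytes) -> bool:
    """TLS record header: handshake type 0x16, legacy version 3.x, then a
    handshake message of type ClientHello (0x01)."""
    return (len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03
            and data[2] <= 0x04 and data[5] == 0x01)


def split_tls_layers(token: str) -> Tuple[Optional[str], int]:
    """'pop3ss' -> ('pop3', 2); a token with no known base -> (None, 0)."""
    base, layers = token.lower(), 0
    while base not in ANALYZERS and base.endswith("s"):
        base, layers = base[:-1], layers + 1
    return (base, layers) if base in ANALYZERS else (None, 0)


def check_tunnel_assertion(token: str, first_bytes: bytes, from_client: bool) -> Tuple[str, str]:
    """Return (verdict, reason) for the first message seen on a tunnel that the
    client opened with the given protocol assertion; from_client says who sent it."""
    base, layers = split_tls_layers(token)
    if base is None:
        return OPAQUE, f"unknown token {token!r}: no analyzer to hand the tunnel to"
    if layers:
        # Outermost layer is TLS, where the client must speak first.
        if not from_client:
            return INCONSISTENT, "TLS asserted but the server sent the first bytes"
        if not looks_like_tls_client_hello(first_bytes):
            return INCONSISTENT, "TLS asserted but the first bytes are not a ClientHello"
        return OPAQUE, (f"outer TLS layer looks right; {layers - 1} further TLS layer(s) "
                        f"and the {base} inside cannot be checked without the session keys")
    server_first, matches = ANALYZERS[base]
    if from_client == server_first:
        who = "server" if server_first else "client"
        return INCONSISTENT, f"{base} expects the {who} to speak first"
    if not matches(first_bytes):
        return INCONSISTENT, f"first bytes do not look like {base}: {first_bytes[:16]!r}"
    return CONSISTENT, f"first bytes are consistent with {base}"


if __name__ == "__main__":
    # Constructed sample traffic: a minimal ClientHello record header plus padding,
    # and a few cleartext openings, some of them deliberately mismatched.
    hello = bytes([0x16, 0x03, 0x01, 0x00, 0x2a, 0x01, 0x00, 0x00, 0x26, 0x03, 0x03]) + b"\x00" * 38
    for token, data, from_client in [
        ("smtp", b"220 mail.example.test ESMTP ready\r\n", False),
        ("smtp", b"+OK POP3 server ready\r\n", False),       # asserted SMTP, is POP3
        ("pop3s", hello, True),
        ("pop3ss", hello, True),
        ("http/1.1", b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n", True),
        ("smtp", b"EHLO client.example.test\r\n", True),     # wrong side spoke first
    ]:
        print(token, *check_tunnel_assertion(token, data, from_client))
```

The verdict for anything wrapped in TLS is deliberately `OPAQUE` rather than `CONSISTENT`: the proxy has confirmed a ClientHello and nothing else, so a policy that wants to act on the inner protocol has to decide up front whether an unverifiable assertion is acceptable. Mismatches in who speaks first are caught before any banner matching, since a client sending SMTP commands on a tunnel it labelled SMTP is already not talking to an SMTP server.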