[hybi] TLS-NPN - was Re: Why not just use ssh?

John Tamplin <jat@google.com> Wed, 01 September 2010 16:03 UTC

From: John Tamplin <jat@google.com>
Date: Wed, 01 Sep 2010 12:02:29 -0400
Message-ID: <AANLkTik2dHmEdQBFssStJEXrNhqAJDSq0H2wL3_B-4Br@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Content-Type: text/plain; charset="UTF-8"
X-System-Of-Record: true
Cc: "hybi@ietf.org" <hybi@ietf.org>
Subject: [hybi] TLS-NPN - was Re: Why not just use ssh?

While we are on the topic of TLS-NPN, I looked briefly and wasn't
sure, but it looks like the choice of which certificate to present to
the client happens before the WebSocket protocol is involved -- is
that correct?

If so, that would seem to preclude having "virtual domain" support for
WebSocket servers over TLS.  While that hasn't proven insurmountable
with https, it seems like it would be a good thing if we avoid this
limitation with WebSockets.

-- 
John A. Tamplin
Software Engineer (GWT), Google
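The ordering question raised above can be checked against the bytes on the wire. The following is an added example, not code from the original message or from any WebSocket or TLS implementation: it constructs a TLS ClientHello carrying a Server Name Indication (SNI, RFC 6066 extension type 0) and an NPN extension (type 13172, which is empty in the ClientHello and only signals support), then parses it the way a server must before it can choose a certificate. The hostnames, certificate labels and the `select_certificate` helper are constructed for illustration; the point it shows is that the only name the server has at certificate-selection time is the SNI value, since NPN's protocol choice is settled later in the handshake and the WebSocket opening handshake comes later still.

```python
import struct

SNI_EXT = 0        # server_name, RFC 6066
NPN_EXT = 13172    # 0x3374, next_protocol_negotiation (draft-agl-tls-nextprotoneg)


def build_client_hello(server_name, include_npn=True):
    """Constructed TLS 1.2 ClientHello record; random bytes are zeroed for determinism."""
    host = server_name.encode("ascii")
    # ServerNameList: list length, then one entry of name_type(0) + length + host
    sni_entry = struct.pack("!BH", 0, len(host)) + host
    sni_body = struct.pack("!H", len(sni_entry)) + sni_entry
    ext = struct.pack("!HH", SNI_EXT, len(sni_body)) + sni_body
    if include_npn:
        # NPN in the ClientHello has an empty body: the client offers nothing yet,
        # the server lists protocols in its ServerHello and the client picks afterwards.
        ext += struct.pack("!HH", NPN_EXT, 0)
    body = b"\x03\x03" + b"\x00" * 32          # client_version, random
    body += b"\x00"                             # session_id: empty
    body += struct.pack("!H", 2) + b"\xc0\x2f"  # one cipher suite
    body += b"\x01\x00"                         # compression: null only
    body += struct.pack("!H", len(ext)) + ext
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body  # type=ClientHello, 3-byte length
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def parse_client_hello(record):
    """Return (sni_host or None, npn_offered) from a ClientHello record."""
    if record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    p = 4                 # handshake type + 3-byte length
    p += 2 + 32           # client_version + random
    p += 1 + hs[p]        # session_id
    p += 2 + struct.unpack("!H", hs[p:p + 2])[0]   # cipher_suites
    p += 1 + hs[p]        # compression_methods
    if p >= len(hs):      # no extensions at all: no name, no NPN
        return None, False
    ext_len = struct.unpack("!H", hs[p:p + 2])[0]
    p += 2
    end = p + ext_len
    sni_host, npn = None, False
    while p + 4 <= end:
        etype, elen = struct.unpack("!HH", hs[p:p + 4])
        p += 4
        data = hs[p:p + elen]
        p += elen
        if etype == SNI_EXT:
            q = 2  # skip ServerNameList length
            while q + 3 <= len(data):
                ntype = data[q]
                nlen = struct.unpack("!H", data[q + 1:q + 3])[0]
                q += 3
                if ntype == 0:
                    sni_host = data[q:q + nlen].decode("ascii")
                q += nlen
        elif etype == NPN_EXT:
            npn = True
    return sni_host, npn


def select_certificate(record, cert_by_host, default_host):
    """Virtual-host certificate choice using only what the ClientHello carries.

    cert_by_host and default_host are constructed inputs; a client that sends no
    SNI (or an unknown name) gets the default host's certificate, which is the
    limitation the https world already lives with.
    """
    sni_host, _npn = parse_client_hello(record)
    return cert_by_host.get(sni_host, cert_by_host[default_host])


if __name__ == "__main__":
    certs = {"ws.example.com": "cert-A", "other.example.com": "cert-B"}  # constructed
    hello = build_client_hello("other.example.com")
    print(parse_client_hello(hello), select_certificate(hello, certs, "ws.example.com"))
```

Running it shows the server learning `other.example.com` and the fact that NPN was offered from the ClientHello alone, with no WebSocket handshake in sight; a client that omits SNI is the one case where the server has nothing to key the certificate choice on and must fall back to a default.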