Re: [quicwg/base-drafts] TLS alert no_application_protocol is not always possible (#3580)

Andrew Macedonia <> Wed, 15 April 2020 16:43 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id A58203A0CFC for <>; Wed, 15 Apr 2020 09:43:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.175
X-Spam-Status: No, score=-2.175 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.168, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_IMAGE_ONLY_16=1.092, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id J7-TmYq9A9Kp for <>; Wed, 15 Apr 2020 09:43:57 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 64CFB3A0CF7 for <>; Wed, 15 Apr 2020 09:43:57 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 241EB2C0AEA for <>; Wed, 15 Apr 2020 09:43:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=pf2014; t=1586969036; bh=h3jTh2e680oOxbwFLiwwJ+ZTZqSjUX3nQ6S8cjFzMsc=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=oyFg9VoVQ5QgxIABNnYYXPN1Te8MBy/8HSc34l+ESx4zeO2zm4n1mnQqiEa23UDL+ JtfOes+57FsqFO/1XtcP89cUaPmQPW6M0QnFyoaKdy7/gbN6t8Aw0dfU7jACt1AXKI vEa9yWBRkwq5XPFph+xK/YY+b/J4L3XRCPaZETsA=
Date: Wed, 15 Apr 2020 09:43:56 -0700
From: Andrew Macedonia <>
Reply-To: quicwg/base-drafts <>
To: quicwg/base-drafts <>
Cc: Subscribed <>
Message-ID: <quicwg/base-drafts/issues/3580/>
In-Reply-To: <quicwg/base-drafts/issues/>
References: <quicwg/base-drafts/issues/>
Subject: Re: [quicwg/base-drafts] TLS alert no_application_protocol is not always possible (#3580)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5e9739cc13cb6_afb3fdcf90cd968333066"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: ajmacedonia
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
Archived-At: <>
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 15 Apr 2020 16:43:59 -0000

I'm not concerned with the security implications, or lack thereof, of sending no_application_protocol. My main concern is that we, and other implementations, will be non-compliant with the draft because we have no choice but to send a general handshake_failure alert in this case. Our TLS implementation doesn't allow us to choose which alerts are converted to handshake_failure before being reported to QUIC; it's all or nothing.

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub: