IETF Logo Mail Archive

Re: [TLS] Next Protocol Negotiation 03

Yoav Nir <ynir@checkpoint.com> Wed, 25 April 2012 12:05 UTC

Return-Path: <ynir@checkpoint.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 90DCA21F878E for <tls@ietfa.amsl.com>; Wed, 25 Apr 2012 05:05:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.564
X-Spam-Level:
X-Spam-Status: No, score=-10.564 tagged_above=-999 required=5 tests=[AWL=0.035, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6o1iini72ACO for <tls@ietfa.amsl.com>; Wed, 25 Apr 2012 05:05:02 -0700 (PDT)
Received: from michael.checkpoint.com (smtp.checkpoint.com [194.29.34.68]) by ietfa.amsl.com (Postfix) with ESMTP id 5A15521F8789 for <tls@ietf.org>; Wed, 25 Apr 2012 05:05:02 -0700 (PDT)
Received: from il-ex01.ad.checkpoint.com (il-ex01.ad.checkpoint.com [194.29.34.26]) by michael.checkpoint.com (8.13.8/8.13.8) with ESMTP id q3PC4woB027710; Wed, 25 Apr 2012 15:04:58 +0300
X-CheckPoint: {4F97F4E1-1-1B221DC2-5FFFF}
Received: from il-ex01.ad.checkpoint.com ([126.0.0.2]) by il-ex01.ad.checkpoint.com ([126.0.0.2]) with mapi; Wed, 25 Apr 2012 15:04:57 +0300
From: Yoav Nir <ynir@checkpoint.com>
To: Adam Langley <agl@google.com>
Date: Wed, 25 Apr 2012 15:05:00 +0300
Thread-Topic: [TLS] Next Protocol Negotiation 03
Thread-Index: Ac0i26FCxqAF/3ftSgG0pjdgL6DEWw==
Message-ID: <13435052-1245-4C37-A0D0-C5CBFFB1FE75@checkpoint.com>
References: <CAL9PXLy31VzxLidgOy64MnDAyRE=HU=hxyBXW1rgB+Xnd0vKjA@mail.gmail.com>
In-Reply-To: <CAL9PXLy31VzxLidgOy64MnDAyRE=HU=hxyBXW1rgB+Xnd0vKjA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
x-kse-antivirus-interceptor-info: scan successful
x-kse-antivirus-info: Clean
x-cpdlp: 11c47f6cb40e40d02ab74ed013f2e1c3861382bc16
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Next Protocol Negotiation 03
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Apr 2012 12:05:03 -0000

Hi Adam

I support the adoption of NPN.

However, I would like to get a statement from Google, that if the output from the working group is different from what is running on Google's servers (and Chrome and Firefox) right now, those servers and clients will change to match the standard. Otherwise, we are going to have one of two outcomes:
 - the TLS working group rubber-stamps Google's proposal, perhaps decorating it with some nice security considerations.
 - the TLS working group creates a different standard, and implementers can choose between the Google NPN and the IETF NPN, and more that likely, implement both.

At HTTPBIS in Paris There was such a statement about SPDY. Can you make one about NPN?

I can think of two things that might prove contentious:
 1. Using the extension and handshake numbers. I would hope that IANA assigns those numbers rather than forcing a transition period, but that should not be a problem as both clients update without asking the user, and the servers are under your control. So it's not a problem either way.

 2. Some may consider the use of a new handshake message as superfluous. You could have the client advertise that it supports http/1.1 and spdy/2.0, and then the server chooses one in the ServerHello. The downside is that an eavesdropper can then know what the protocol inside the TLS connection is. I don't know if the benefit of hiding that information is worth a new handhsake message, which also changes the state machine.

Yoav

On Apr 24, 2012, at 11:56 PM, Adam Langley wrote:

> With httpbis active, several people have suggested that it's time to
> make another pass at making NPN a little more formal.
> 
> Previous drafts have omitted some details so that the more important
> aspects were clearer. Paul Hoffman also made a valiant attempt [2] at
> making it more "IETF friendly" to see whether that would get anywhere.
> 
> In contrast, the current draft [1] is complete and sufficient to
> produce an interoperable implementation with what's running on
> www.google.com.
> 
> Perforce, it includes the current extension and handshake message
> numbers. I understand that using these numbers without permission has
> upset some people. However, we stand up, evaluate and tear down TLS
> work at a rate far in excess of what the WG could usefully process.
> Standardising every experiment before testing it would waste RFCs and
> allocations, not to mention years. Therefore the extension and
> handshake numbers were randomly generated.
> 
> NPN is included in several TLS implementations and used quite
> regularly on the Internet and I would like the TLS WG to consider its
> adoption.

v2.23.0 | Report a Bug | By Email