Re: [TLS] Questions about ALPN

Adam Langley <agl@google.com> Wed, 09 April 2014 16:04 UTC

In-Reply-To: <53456D1B.1010804@alum.mit.edu>
References: <53456D1B.1010804@alum.mit.edu>
From: Adam Langley <agl@google.com>
Date: Wed, 09 Apr 2014 09:04:07 -0700
Message-ID: <CAL9PXLzF5AZ4WuTdCUBu3BY0BDRBj=120DnJefMd7hs-0hcU5w@mail.gmail.com>
To: Paul Kyzivat <pkyzivat@alum.mit.edu>
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/811-jETeXSHA3Gh-svSgv-OWdIs
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Questions about ALPN
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
X-List-Received-Date: Wed, 09 Apr 2014 16:04:31 -0000

On Wed, Apr 9, 2014 at 8:54 AM, Paul Kyzivat <pkyzivat@alum.mit.edu> wrote:
> For instance, the draft doesn't mention DTLS. But I have found discussion
> elsewhere that says it is intended to be used for DTLS.

Yes, it applies to DTLS also, although I don't know of anyone using it for such yet.

> OTOH, it is far from clear that the *same* registry should be used for both
> TLS and DTLS. The two transports have significantly different
> characteristics, so that many application protocols will only work over one
> or the other. (Or if they work over both, they might arguably be *different*
> protocol variants.)

I believe there is only one registry. I don't think that there's
danger of ambiguity here. If the connection is DTLS then it's
obviously the DTLS variant of the protocol that should be used.

> And what about using the ALPN registry for protocols that run on top of
> transports other that TLS and DTLS? Is that appropriate?

I don't think so.

> - Specify the policy IANA is to use for deciding whether to accept
>   a new registration in the ALPN registry. (You can't define a new
>   registry without this.)

The policy is Expert Review as given in the draft.

> - Specify clearly the information that is to appear in the ALPN
>   registry. IMO, in addition to the name this needs to include
>   *at least* the transport protocol(s) over which the application
>   layer protocol is valid.

I don't think this additional bureaucracy is useful. I can't imagine a
situation where this is going to help someone.

> - Specify the transport layer protocols that are valid transports
>   of ALPN protocols.

Mentioning DTLS is something that I think has general agreement for
inclusion in the next revision of the draft.

> - Specify the acceptable syntax of ALPN names

ALPN names are bytestrings; there's no syntax.

> - Specify guidelines for when it is appropriate to add a new protocol
>   to the ALPN registry. (E.g., when it is intended to be used in
>   NPN negotiation in TLS and DTLS.)

I would hope the expert in the Expert Review would notice a request
that was so confused that they were applying for an ALPN string when
not using (D)TLS!


Cheers

AGL
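The two points above that matter to an implementer, that ALPN names are opaque bytestrings with no syntax, and that the server either picks one of the client's offered names or fails the handshake, are easy to get wrong when hand-rolling the extension. The following is an added example, not code from this message or from any TLS stack; it encodes and decodes the extension body and performs the server-side choice. The wire format (a 16-bit-length list of 8-bit-length opaque names, extension type 16, fatal alert no_application_protocol = 120 on no overlap) is taken from RFC 7301, which the draft under discussion became, not from this e-mail; the function names are my own.

```python
"""
ALPN (RFC 7301) extension_data encoding, decoding and server-side selection.

    opaque ProtocolName<1..2^8-1>;
    ProtocolName protocol_name_list<2..2^16-1>;

Names are opaque byte strings: the only constraints are the 1..255 length
bound and the list bound, so matching is exact byte equality and nothing in
the encoding distinguishes a TLS use from a DTLS use of the same name.
"""
import struct

ALPN_EXTENSION_TYPE = 16                 # application_layer_protocol_negotiation
ALERT_NO_APPLICATION_PROTOCOL = 120      # fatal alert when nothing overlaps


def encode_alpn(names):
    """Serialise a list of protocol names (bytes) into ALPN extension_data."""
    body = b""
    for name in names:
        if not isinstance(name, (bytes, bytearray)):
            raise TypeError("ALPN names are byte strings, not text")
        if not 1 <= len(name) <= 255:
            raise ValueError("ProtocolName must be 1..255 bytes")
        body += struct.pack("!B", len(name)) + bytes(name)
    if not 2 <= len(body) <= 0xFFFF:
        raise ValueError("protocol_name_list must be 2..65535 bytes")
    return struct.pack("!H", len(body)) + body


def decode_alpn(data):
    """Parse extension_data back into a list of names; reject anything malformed."""
    if len(data) < 2:
        raise ValueError("truncated ProtocolNameList length")
    (list_len,) = struct.unpack("!H", data[:2])
    if list_len < 2 or len(data) != 2 + list_len:
        raise ValueError("ProtocolNameList length does not match extension_data")
    names = []
    pos, end = 2, 2 + list_len
    while pos < end:
        name_len = data[pos]            # one-byte length prefix per name
        pos += 1
        if name_len == 0 or pos + name_len > end:
            raise ValueError("bad ProtocolName length")
        names.append(bytes(data[pos:pos + name_len]))
        pos += name_len
    return names


def is_well_formed(data):
    """True if decode_alpn accepts the bytes, False if it would raise."""
    try:
        decode_alpn(data)
        return True
    except ValueError:
        return False


def server_select(server_preferences, client_extension_data):
    """
    Choose the protocol the server will speak, walking the server's own
    preference order and taking the first name the client also offered.
    Returns (name, None) on success, or (None, alert) when there is no
    overlap, in which case the server must abort with that fatal alert.
    """
    offered = decode_alpn(client_extension_data)
    for candidate in server_preferences:
        if candidate in offered:
            return candidate, None
    return None, ALERT_NO_APPLICATION_PROTOCOL


def build_server_alpn(selected):
    """The ServerHello extension carries exactly one name, encoded the same way."""
    return encode_alpn([selected])


if __name__ == "__main__":
    # Constructed sample ClientHello offer: prefers h2, falls back to http/1.1.
    client_ext = encode_alpn([b"h2", b"http/1.1"])
    print(client_ext.hex())
    print(server_select([b"http/1.1", b"h2"], client_ext))   # server preference wins
    print(server_select([b"spdy/3"], client_ext))            # no overlap -> alert 120
```

Comparison is on raw bytes, so a registered name must be matched exactly as registered (case included), and a name meant for DTLS needs no separate encoding or registry entry, which is the position taken in the reply above.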