Re: [TLS] Next Protocol Negotiation 03
Marsh Ray <marsh@extendedsubset.com> Mon, 21 May 2012 22:57 UTC
Return-Path: <marsh@extendedsubset.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A3CE621F85B9 for <tls@ietfa.amsl.com>; Mon, 21 May 2012 15:57:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 05-EDGam7FkF for <tls@ietfa.amsl.com>; Mon, 21 May 2012 15:57:31 -0700 (PDT)
Received: from mho-01-ewr.mailhop.org (mho-01-ewr.mailhop.org [204.13.248.71]) by ietfa.amsl.com (Postfix) with ESMTP id 2DB2121F858F for <tls@ietf.org>; Mon, 21 May 2012 15:57:31 -0700 (PDT)
Received: from xs01.extendedsubset.com ([69.164.193.58]) by mho-01-ewr.mailhop.org with esmtpa (Exim 4.72) (envelope-from <marsh@extendedsubset.com>) id 1SWbXe-0000PU-Oe; Mon, 21 May 2012 22:57:30 +0000
Received: from [172.16.2.4] (localhost [127.0.0.1]) by xs01.extendedsubset.com (Postfix) with ESMTP id 256506085; Mon, 21 May 2012 22:57:29 +0000 (UTC)
X-Mail-Handler: MailHop Outbound by DynDNS
X-Originating-IP: 69.164.193.58
X-Report-Abuse-To: abuse@dyndns.com (see http://www.dyndns.com/services/mailhop/outbound_abuse.html for abuse reporting information)
X-MHO-User: U2FsdGVkX1+pMrkAbj0JDp4yfNPlJzUjYl0azQN4J+w=
Message-ID: <4FBAC851.8090305@extendedsubset.com>
Date: Mon, 21 May 2012 17:57:21 -0500
From: Marsh Ray <marsh@extendedsubset.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:12.0) Gecko/20120430 Thunderbird/12.0.1
MIME-Version: 1.0
To: Adam Langley <agl@chromium.org>
References: <4F9981FC.4000205@extendedsubset.com> <201204261721.q3QHL0lA014062@fs4113.wdf.sap.corp> <CAL9PXLwkMqyaSfDLssGH_oT5gHFeV2s64v-gTiYFH+dSq9ZvAQ@mail.gmail.com> <CAL9PXLyX0NKtjK4DcmSq-J3X3yNhNm2BUC3HPLbpEALzR0NmYg@mail.gmail.com>
In-Reply-To: <CAL9PXLyX0NKtjK4DcmSq-J3X3yNhNm2BUC3HPLbpEALzR0NmYg@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: tls@ietf.org
Subject: Re: [TLS] Next Protocol Negotiation 03
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 May 2012 22:57:31 -0000
On 05/21/2012 04:36 PM, Adam Langley wrote: > On Thu, Apr 26, 2012 at 1:29 PM, Adam Langley<agl@chromium.org> wrote >> So, in short, "still thinking". > > I've respun the draft in order to change the NextProtocol message into > an EncryptedExtensions message which has the same format as the > extension block in the hello messages. Everything else is the same. > > This allows the client's protocol selection to remain under > encryption. The server's list of protocols is still in the clear, but > that can be fixed via an orthogonal change like Marsh's encrypted > handshake. > > https://tools.ietf.org/html/draft-agl-tls-nextprotoneg-04 That's seems like a cleaner version of the same approach. Now we can drop the parenthesis in "NP(N)"! If it's intended to be usable by more than just NPN, perhaps it should be described in a separate document? It does seem to raise the same discussion about resistance to active mischief that we've been going over for draft-ray-tls-encrypted-handshake and draft-mavrogiannopoulos-tls-server-key-exchage. It would be really nice to get these considerations addressed in one or some small set of docs. - Marsh
- [TLS] Next Protocol Negotiation 03 Adam Langley
- Re: [TLS] Next Protocol Negotiation 03 Yoav Nir
- Re: [TLS] Next Protocol Negotiation 03 Jack Lloyd
- Re: [TLS] Next Protocol Negotiation 03 Adam Langley
- Re: [TLS] Next Protocol Negotiation 03 Nikos Mavrogiannopoulos
- Re: [TLS] Next Protocol Negotiation 03 Marsh Ray
- Re: [TLS] Next Protocol Negotiation 03 Marsh Ray
- Re: [TLS] Next Protocol Negotiation 03 Adam Langley
- Re: [TLS] Next Protocol Negotiation 03 Michael D'Errico
- Re: [TLS] Next Protocol Negotiation 03 Nico Williams
- Re: [TLS] Next Protocol Negotiation 03 Adam Langley
- Re: [TLS] Next Protocol Negotiation 03 Peter Saint-Andre
- Re: [TLS] Next Protocol Negotiation 03 Michael D'Errico
- Re: [TLS] Next Protocol Negotiation 03 Nico Williams
- Re: [TLS] Next Protocol Negotiation 03 Adam Langley
- Re: [TLS] Next Protocol Negotiation 03 Nico Williams
- Re: [TLS] Next Protocol Negotiation 03 Marsh Ray
- Re: [TLS] Next Protocol Negotiation 03 Michael D'Errico
- Re: [TLS] Next Protocol Negotiation 03 Marsh Ray
- Re: [TLS] Next Protocol Negotiation 03 Martin Rex
- Re: [TLS] Next Protocol Negotiation 03 Adam Langley
- Re: [TLS] Next Protocol Negotiation 03 George Kadianakis
- Re: [TLS] Next Protocol Negotiation 03 Tom Ritter
- Re: [TLS] Next Protocol Negotiation 03 George Kadianakis
- Re: [TLS] Next Protocol Negotiation 03 Adam Langley
- Re: [TLS] Next Protocol Negotiation 03 Marsh Ray
- Re: [TLS] Next Protocol Negotiation 03 Wan-Teh Chang
- Re: [TLS] Next Protocol Negotiation 03 Marsh Ray
- Re: [TLS] Next Protocol Negotiation 03 Wan-Teh Chang
- Re: [TLS] Next Protocol Negotiation 03 Martin Rex
- Re: [TLS] Next Protocol Negotiation 03 Marsh Ray
- Re: [TLS] Next Protocol Negotiation 03 Ben Laurie
- Re: [TLS] Next Protocol Negotiation 03 Andrei Popov
- Re: [TLS] Next Protocol Negotiation 03 Adam Langley
- Re: [TLS] Next Protocol Negotiation 03 Andrei Popov
- Re: [TLS] Next Protocol Negotiation 03 Adam Langley
- Re: [TLS] Next Protocol Negotiation 03 Paul Hoffman
- Re: [TLS] Next Protocol Negotiation 03 Andrei Popov