Re: [TLS] comments on draft-ietf-tls-applayerprotoneg-00
Andrei Popov <Andrei.Popov@microsoft.com> Wed, 10 April 2013 17:42 UTC
Return-Path: <Andrei.Popov@microsoft.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3FF9021F8E3C for <tls@ietfa.amsl.com>; Wed, 10 Apr 2013 10:42:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.534
X-Spam-Level:
X-Spam-Status: No, score=0.534 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, UNRESOLVED_TEMPLATE=3.132]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7GC+20RX4q+J for <tls@ietfa.amsl.com>; Wed, 10 Apr 2013 10:42:55 -0700 (PDT)
Received: from na01-bl2-obe.outbound.protection.outlook.com (mail-bl2lp0211.outbound.protection.outlook.com [207.46.163.211]) by ietfa.amsl.com (Postfix) with ESMTP id 0A2BE21F8E04 for <tls@ietf.org>; Wed, 10 Apr 2013 10:42:54 -0700 (PDT)
Received: from BL2FFO11FD007.protection.gbl (10.1.15.200) by BY2FFO11HUB037.protection.gbl (10.1.14.120) with Microsoft SMTP Server (TLS) id 15.0.664.0; Wed, 10 Apr 2013 17:43:26 +0000
Received: from TK5EX14HUBC106.redmond.corp.microsoft.com (131.107.125.37) by BL2FFO11FD007.mail.protection.outlook.com (10.173.161.3) with Microsoft SMTP Server (TLS) id 15.0.664.0 via Frontend Transport; Wed, 10 Apr 2013 17:42:52 +0000
Received: from va3outboundpool.messaging.microsoft.com (157.54.51.112) by mail.microsoft.com (157.54.80.61) with Microsoft SMTP Server (TLS) id 14.2.318.3; Wed, 10 Apr 2013 17:42:45 +0000
Received: from mail204-va3-R.bigfish.com (10.7.14.234) by VA3EHSOBE005.bigfish.com (10.7.40.25) with Microsoft SMTP Server id 14.1.225.23; Wed, 10 Apr 2013 17:40:27 +0000
Received: from mail204-va3 (localhost [127.0.0.1]) by mail204-va3-R.bigfish.com (Postfix) with ESMTP id EDE30B000EA for <tls@ietf.org.FOPE.CONNECTOR.OVERRIDE>; Wed, 10 Apr 2013 17:40:26 +0000 (UTC)
X-Forefront-Antispam-Report-Untrusted: CIP:157.56.240.21; KIP:(null); UIP:(null); (null); H:BL2PRD0310HT004.namprd03.prod.outlook.com; R:internal; EFV:INT
X-SpamScore: -20
X-BigFish: PS-20(zz9371Ic89bhc857h4015Izz1f42h1fc6h1ee6h1de0h1fdah1202h1e76h1d1ah1d2ahzz1033IL17326ah18c673h8275bh8275dhz31h2a8h668h839hd24hf0ah1288h12a5h12bdh137ah1441h1504h1537h153bh162dh1631h1758h18e1h1946h19b5h1ad9h1b0ah1bceh9a9j1155h)
Received-SPF: softfail (mail204-va3: transitioning domain of microsoft.com does not designate 157.56.240.21 as permitted sender) client-ip=157.56.240.21; envelope-from=Andrei.Popov@microsoft.com; helo=BL2PRD0310HT004.namprd03.prod.outlook.com ; .outlook.com ;
X-Forefront-Antispam-Report-Untrusted: SFV:SKI; SFS:; DIR:OUT; SFP:; SCL:-1; SRVR:BLUPR03MB068; H:BLUPR03MB068.namprd03.prod.outlook.com; LANG:en;
Received: from mail204-va3 (localhost.localdomain [127.0.0.1]) by mail204-va3 (MessageSwitch) id 1365615624544804_28467; Wed, 10 Apr 2013 17:40:24 +0000 (UTC)
Received: from VA3EHSMHS033.bigfish.com (unknown [10.7.14.227]) by mail204-va3.bigfish.com (Postfix) with ESMTP id 8092940005D; Wed, 10 Apr 2013 17:40:24 +0000 (UTC)
Received: from BL2PRD0310HT004.namprd03.prod.outlook.com (157.56.240.21) by VA3EHSMHS033.bigfish.com (10.7.99.43) with Microsoft SMTP Server (TLS) id 14.1.225.23; Wed, 10 Apr 2013 17:40:23 +0000
Received: from BLUPR03MB068.namprd03.prod.outlook.com (10.255.209.156) by BL2PRD0310HT004.namprd03.prod.outlook.com (10.255.97.39) with Microsoft SMTP Server (TLS) id 14.16.287.3; Wed, 10 Apr 2013 17:40:23 +0000
Received: from BLUPR03MB068.namprd03.prod.outlook.com (10.255.209.156) by BLUPR03MB068.namprd03.prod.outlook.com (10.255.209.156) with Microsoft SMTP Server (TLS) id 15.0.670.13; Wed, 10 Apr 2013 17:40:21 +0000
Received: from BLUPR03MB068.namprd03.prod.outlook.com ([169.254.12.98]) by BLUPR03MB068.namprd03.prod.outlook.com ([169.254.12.98]) with mapi id 15.00.0670.000; Wed, 10 Apr 2013 17:40:21 +0000
From: Andrei Popov <Andrei.Popov@microsoft.com>
To: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>, "tls@ietf.org" <tls@ietf.org>, "sfriedl@cisco.com" <sfriedl@cisco.com>
Thread-Topic: comments on draft-ietf-tls-applayerprotoneg-00
Thread-Index: AQHONcPtSs4jEEkM50KXgwJ1gKjlFpjPsQHQ
Date: Wed, 10 Apr 2013 17:40:21 +0000
Message-ID: <809fc77c0e08473a97502c346b6f4a7c@BLUPR03MB068.namprd03.prod.outlook.com>
References: <CAJU7zaKR5YA8Fbk43FJ3J7Oo-p-3VOOwSDaqdkRshJuYMyg0_A@mail.gmail.com>
In-Reply-To: <CAJU7zaKR5YA8Fbk43FJ3J7Oo-p-3VOOwSDaqdkRshJuYMyg0_A@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.255.124.4]
Content-Type: multipart/alternative; boundary="_000_809fc77c0e08473a97502c346b6f4a7cBLUPR03MB068namprd03pro_"
MIME-Version: 1.0
X-OrganizationHeadersPreserved: BLUPR03MB068.namprd03.prod.outlook.com
X-FOPE-CONNECTOR: Id%0$Dn%*$RO%0$TLS%0$FQDN%$TlsDn%
X-FOPE-CONNECTOR: Id%59$Dn%CISCO.COM$RO%2$TLS%6$FQDN%corpf5vips-237160.customer.frontbridge.com$TlsDn%
X-FOPE-CONNECTOR: Id%59$Dn%IETF.ORG$RO%2$TLS%6$FQDN%corpf5vips-237160.customer.frontbridge.com$TlsDn%
X-FOPE-CONNECTOR: Id%59$Dn%GMAIL.COM$RO%2$TLS%6$FQDN%corpf5vips-237160.customer.frontbridge.com$TlsDn%
X-CrossPremisesHeadersPromoted: TK5EX14HUBC106.redmond.corp.microsoft.com
X-CrossPremisesHeadersFiltered: TK5EX14HUBC106.redmond.corp.microsoft.com
X-Forefront-Antispam-Report: CIP:131.107.125.37; CTRY:US; IPV:CAL; IPV:NLI; EFV:NLI; SFV:NSPM; SFS:(189002)(199002)(76482001)(20776003)(47976001)(79102001)(51856001)(4396001)(53806001)(54356001)(33646001)(81342001)(77982001)(6806001)(512874001)(16676001)(564824004)(81542001)(59766001)(31966008)(74662001)(47446002)(69226001)(74502001)(80022001)(65816001)(71186001)(54316002)(46102001)(56816002)(50986001)(56776001)(44976002)(63696002)(18276755001)(47736001)(49866001)(18277545001)(24736002); DIR:OUT; SFP:; SCL:1; SRVR:BY2FFO11HUB037; H:TK5EX14HUBC106.redmond.corp.microsoft.com; RD:InfoDomainNonexistent; MX:1; A:1; LANG:en;
X-OriginatorOrg: microsoft.onmicrosoft.com
X-Forefront-PRVS: 0812095267
Subject: Re: [TLS] comments on draft-ietf-tls-applayerprotoneg-00
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Apr 2013 17:42:56 -0000
Hi Nikos, * Section 6 “IANA Considerations” says: … We propose that this new registry be created in a new page entitled: "Application Layer Protocol Negotiation (ALPN) Protocol IDs" beneath the existing heading of "Transport Layer Security (TLS)". Protocol IDs are first introduced in section 3.1 “The Application Layer Protocol Negotiation Extension”. Here we can add a reference to section 6 to make this more clear. * In ALPN, the server cannot select more than one protocol (see sections 3.1 and 3.2). The reason the server is sending a protocol_name_list is that keeping client-side “extension_data” structure identical to the server-side “extension_data” structure simplifies both the documentation and the implementation. * The text about the hash calculations was intended to make it absolutely clear that the content of the new extension is included in the hash calculations, and avoid any ambiguity. The need for this clarification arises from the fact that ALPN, unlike many other TLS extensions, negotiates parameters that have nothing to do with the TLS protocol itself. Thanks, Andrei From: Nikos Mavrogiannopoulos [mailto:n.mavrogiannopoulos@gmail.com] Sent: Wednesday, April 10, 2013 1:17 AM To: tls@ietf.org; sfriedl@cisco.com; Andrei Popov Subject: comments on draft-ietf-tls-applayerprotoneg-00 Hello, Some comments on the ALPN document. * At some point the document explains the term Protocols as: "are named by IANA registered, opaque, non-empty byte strings." This is not very explanatory. The first question that arises, is which IANA registry are these registered at? By reading the IANA considerations section I see a new registry being created with protocol entries, so at that point I can assume that this is the IANA registry intended, or not? Anyway I think the text should clarify that the IANA registry it refers to is defined in the same document. * In section 3.1, the server replies with the same extension and sends a ProtocolNameList containing a single Protocol. Why is then a list sent by the server? Why not send a single Protocol instead? Is there any use case where the client would accept more than one protocols? In that case should clients be prepared for servers that send more than one protocols? * In the same section it is mentioned: "The additional content associated with this extension MUST be included in the hash calculations associated with the "Finished" messages.". Why is that mentioned at all? Is there an option in TLS not to include that data in the TLS finished message hashes? regards, Nikos
- Re: [TLS] comments on draft-ietf-tls-applayerprot… Andrei Popov
- [TLS] comments on draft-ietf-tls-applayerprotoneg… Nikos Mavrogiannopoulos
- Re: [TLS] comments on draft-ietf-tls-applayerprot… Andrei Popov
- Re: [TLS] comments on draft-ietf-tls-applayerprot… Martin Rex
- Re: [TLS] comments on draft-ietf-tls-applayerprot… Paul Hoffman
- Re: [TLS] comments on draft-ietf-tls-applayerprot… Stephan Friedl (sfriedl)
- Re: [TLS] comments on draft-ietf-tls-applayerprot… Martin Rex