Re: [TLS] TLS ALPN (rfc7301), no reserved seperator char and why is 0 no banned

Andrei Popov <> Mon, 13 April 2015 21:32 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id DB7CE1A8855 for <>; Mon, 13 Apr 2015 14:32:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -0.602
X-Spam-Status: No, score=-0.602 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_ILLEGAL_IP=1.3, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id nZ1GvbHZI41B for <>; Mon, 13 Apr 2015 14:32:24 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 804071A8838 for <>; Mon, 13 Apr 2015 14:32:24 -0700 (PDT)
Received: from ( by ( with Microsoft SMTP Server (TLS) id; Mon, 13 Apr 2015 21:32:23 +0000
Received: from ( by ( with Microsoft SMTP Server (TLS) id; Mon, 13 Apr 2015 21:32:22 +0000
Received: from ([]) by ([]) with mapi id 15.01.0136.014; Mon, 13 Apr 2015 21:32:22 +0000
From: Andrei Popov <>
To: "" <>, "" <>
Thread-Topic: [TLS] TLS ALPN (rfc7301), no reserved seperator char and why is 0 no banned
Thread-Index: AQHQdi9iiKNw4qTUUEOLU8cBaoI6OJ1LdMAA
Date: Mon, 13 Apr 2015 21:32:22 +0000
Message-ID: <>
References: <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
authentication-results:; dkim=none (message not signed) header.d=none;
x-originating-ip: [2001:4898:80e8:ed31::2]
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:; SRVR:BN3PR0301MB1252; UriScan:; BCL:0; PCL:0; RULEID:; SRVR:BN3PR0301MB1185;
x-forefront-antispam-report: BMV:1; SFV:NSPM; SFS:(10019020)(6009001)(13464003)(377454003)(87936001)(46102003)(2501003)(122556002)(74316001)(106116001)(33656002)(76176999)(107886001)(2656002)(4001410100001)(40100003)(99286002)(19580405001)(19580395003)(86612001)(86362001)(76576001)(102836002)(77156002)(15975445007)(62966003)(92566002)(50986999)(2900100001)(2950100001)(54356999)(7059030)(3826002)(217873001); DIR:OUT; SFP:1102; SCL:1; SRVR:BN3PR0301MB1252;; FPR:; SPF:None; MLV:sfv; LANG:en;
x-microsoft-antispam-prvs: <>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(601004)(5002010)(5005006); SRVR:BN3PR0301MB1252; BCL:0; PCL:0; RULEID:; SRVR:BN3PR0301MB1252;
x-forefront-prvs: 0545EFAC9A
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-originalarrivaltime: 13 Apr 2015 21:32:22.3482 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN3PR0301MB1252
Archived-At: <>
Subject: Re: [TLS] TLS ALPN (rfc7301), no reserved seperator char and why is 0 no banned
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 13 Apr 2015 21:32:26 -0000

Hi Martin,

Although the currently defined ALPN IDs consist of printable characters (which admittedly helps when looking at network traces), generally speaking ALPN IDs are octet strings and could contain arbitrary bytes.



-----Original Message-----
From: TLS [] On Behalf Of Martin Rex
Sent: Monday, April 13, 2015 2:18 PM
Subject: [TLS] TLS ALPN (rfc7301), no reserved seperator char and why is 0 no banned

I have only recently looked at the TLS extension ALPN spec (RFC7301) and it seems that there currently is no reserved character for the ALPN ID registry that could be used as seperator character if one wanted to facilitate the admin/user UI and tracing/logging.

While I don't allowing UTF8, I would have really appreciated reserving at least one character (or octet value) for the obvious purpose of printing all currently offered protocols in a single line.

I'm also puzzled why the octet value 0 was not banned from the ALPN ID either.  That seems like calling for trouble.


TLS mailing list