Re: [TLS] TLS ALPN (rfc7301), no reserved seperator char and why is 0 no banned

Andrei Popov <> Mon, 13 April 2015 21:58 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id A9FC11A90B0 for <>; Mon, 13 Apr 2015 14:58:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -0.602
X-Spam-Status: No, score=-0.602 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_ILLEGAL_IP=1.3, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id T08m7Yo8FzoJ for <>; Mon, 13 Apr 2015 14:58:13 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 9B42E1A9090 for <>; Mon, 13 Apr 2015 14:58:13 -0700 (PDT)
Received: from ( by ( with Microsoft SMTP Server (TLS) id; Mon, 13 Apr 2015 21:58:13 +0000
Received: from ( by ( with Microsoft SMTP Server (TLS) id; Mon, 13 Apr 2015 21:58:12 +0000
Received: from ([]) by ([]) with mapi id 15.01.0136.014; Mon, 13 Apr 2015 21:58:12 +0000
From: Andrei Popov <>
To: Martin Thomson <>, "" <>
Thread-Topic: [TLS] TLS ALPN (rfc7301), no reserved seperator char and why is 0 no banned
Thread-Index: AQHQdjMVLAECbtqN1ke7Q3E3qycYJJ1Le3aAgAAAZTA=
Date: Mon, 13 Apr 2015 21:58:11 +0000
Message-ID: <>
References: <> <> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
authentication-results:; dkim=none (message not signed) header.d=none;
x-originating-ip: [2001:4898:80e8:ed31::2]
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:; SRVR:BN3PR0301MB1252; UriScan:; BCL:0; PCL:0; RULEID:; SRVR:BN3PR0301MB1265;
x-forefront-antispam-report: BMV:1; SFV:NSPM; SFS:(10019020)(6009001)(24454002)(13464003)(377454003)(87936001)(46102003)(122556002)(2501003)(74316001)(106116001)(33656002)(76176999)(2656002)(4001410100001)(99286002)(40100003)(19580405001)(19580395003)(86612001)(86362001)(76576001)(102836002)(77156002)(62966003)(92566002)(50986999)(2900100001)(2950100001)(54356999)(7059030)(3826002)(217873001); DIR:OUT; SFP:1102; SCL:1; SRVR:BN3PR0301MB1252;; FPR:; SPF:None; MLV:sfv; LANG:en;
x-microsoft-antispam-prvs: <>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(601004)(5002010)(5005006); SRVR:BN3PR0301MB1252; BCL:0; PCL:0; RULEID:; SRVR:BN3PR0301MB1252;
x-forefront-prvs: 0545EFAC9A
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-originalarrivaltime: 13 Apr 2015 21:58:11.9308 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN3PR0301MB1252
Archived-At: <>
Cc: "" <>
Subject: Re: [TLS] TLS ALPN (rfc7301), no reserved seperator char and why is 0 no banned
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 13 Apr 2015 21:58:14 -0000

Yes, this is an example of NPN legacy in ALPN, and yes there is some API pain involved.

-----Original Message-----
From: Martin Thomson [] 
Sent: Monday, April 13, 2015 2:51 PM
Cc: Andrei Popov;
Subject: Re: [TLS] TLS ALPN (rfc7301), no reserved seperator char and why is 0 no banned

On 13 April 2015 at 14:44, Martin Rex <> wrote:
> But I just fail to see a rationale why it needs to be that 
> artificially awkward with no pressing need.

The rationale could be as simple as the fact that no one made any attempt to constrain the value-space when the RFC was discussed in the working group.

Apparently, people who had NPN implementations were already doing the ugly API thing (the API in NSS is definitely not an examplar here) and so no one objected at the time.

I agree that it's more painful than absolutely necessary.