Re: [TLS] WGLC comments on draft-ietf-tls-applayerprotoneg-01

Yoav Nir <> Tue, 20 August 2013 18:16 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 3F35C21F92B8 for <>; Tue, 20 Aug 2013 11:16:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -11.678
X-Spam-Status: No, score=-11.678 tagged_above=-999 required=5 tests=[AWL=0.921, BAYES_00=-2.599, GB_I_LETTER=-2, RCVD_IN_DNSWL_HI=-8]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id oEcu7l2nIRP1 for <>; Tue, 20 Aug 2013 11:16:44 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 8B7D621F995F for <>; Tue, 20 Aug 2013 11:16:43 -0700 (PDT)
Received: from ([]) by (8.13.8/8.13.8) with ESMTP id r7KIGdl1028145; Tue, 20 Aug 2013 21:16:39 +0300
X-CheckPoint: {5213B287-30-1B221DC2-1FFFF}
Received: from ([]) by ([]) with mapi id 14.02.0342.003; Tue, 20 Aug 2013 21:16:39 +0300
From: Yoav Nir <>
To: Martin Thomson <>
Thread-Topic: [TLS] WGLC comments on draft-ietf-tls-applayerprotoneg-01
Thread-Index: AQHOnQaCdJJT7vp320qHp0flMWqEHJmc+GSAgABs+YCAALn/gIAAFyoA
Date: Tue, 20 Aug 2013 18:16:38 +0000
Message-ID: <>
References: <> <> <> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
x-originating-ip: []
x-kse-antivirus-interceptor-info: scan successful
x-kse-antivirus-info: Clean
x-cpdlp: 110084a1e82541f865a51b0b5ef6e236ed2aec085f
Content-Type: text/plain; charset="us-ascii"
Content-ID: <>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "" <>
Subject: Re: [TLS] WGLC comments on draft-ietf-tls-applayerprotoneg-01
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 20 Aug 2013 18:16:50 -0000

On Aug 20, 2013, at 7:53 PM, Martin Thomson <> wrote:

> On 19 August 2013 22:54, Yoav Nir <> wrote:
>> It's not meant to be displayed to the end user, as in my mother surfing the web. But it's nice to be able to see a recognizable string in Wireshark. So yes, keep HTTP/1.1 (and HTTP/2.0). SPDY, however, should be experimental or some such. There's no reason to keep it in the registry forever, or place it in the registry in the first place.
> I have no trouble keeping "HTTP/1.1".  I do have a concern that the
> string "http/1.1" will cause confusion though.  Is it really so
> difficult to register an uppercase string?

Well, uppercase letters tend to be bigger, which may be an issue for constrained devices.

+1 on harmonizing with the string we all know and love.

>> I agree with the RFC. I prefer a private space that has an "owner".
> Rather than inventing a new semantic-free, structured identifier
> space, which the RFC in question specifically recommends against, why
> don't we just do what RFC 6648 recommends and create a registry.
> Registration is cheap.  And if you feel the urge to experiment without
> registering your codepoint, that's cool too.

This tends to make registries fill up with failed and obsoleted experiments. For example, if all goes well, there will be no need to ever again use "spdy/1", "spdy/2", and "spdy/3" in a year or so from now. "spdy/1" and "spdy/2" can probably already be pulled out of the proposed initial assignment. But there is never a procedure to remove stuff from registries.

Anyway, registration is cheap or not based on policy. I've just noticed that this draft does not specify an IANA policy (RFC 5226). So I propose that the following sentence be added to section 6: "The assignment policy for this new registry shall be 'First Come, First Served'."