[TLS] Narrowing allowed characters in ALPN ?
Erik Nygren <erik+ietf@nygren.org> Wed, 19 May 2021 21:29 UTC
Return-Path: <nygren@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1A0243A1FB1 for <tls@ietfa.amsl.com>; Wed, 19 May 2021 14:29:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.402
X-Spam-Level:
X-Spam-Status: No, score=-1.402 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.248, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id S0ehTR7c96xW for <tls@ietfa.amsl.com>; Wed, 19 May 2021 14:29:46 -0700 (PDT)
Received: from mail-wr1-f51.google.com (mail-wr1-f51.google.com [209.85.221.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 296993A1FB0 for <tls@ietf.org>; Wed, 19 May 2021 14:29:45 -0700 (PDT)
Received: by mail-wr1-f51.google.com with SMTP id y14so13392907wrm.13 for <tls@ietf.org>; Wed, 19 May 2021 14:29:45 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=lQuClzTVfyE7xFXY2iJQ3NIMt85a7WrXqTEfC/dB9uY=; b=PE9TH1YQ8sBpvcwRIwdAM8XhGwVNgm8lK8ZdNT1YstTESy07WBxoxLh7H+rX8b/wJi du7kYbrXr9KisftqvQ5oPSgUWPqtJ+EwRgdQFAckazhBt27NthAi0OemIputAITTXAAd vwJopmeCi4DecZBDwZ00XECoiTehfWJ8fJ+NmUtM82SmmIJFLwnsH/4lAWYl38WOyb/q /75GR+n7/gNNhGosoX09/ur93/D8lnK/P1Ei6bGqGnREQ80KaM/LbBvrBvXiuQY+PSrJ su956XfJcmrLatxFhBnNKirr090CK3R+yTkF0ezfsU0vqBXyGV+ufjpBhLHm7CkpaJzz 5TqA==
X-Gm-Message-State: AOAM533Us33PHNCcAUSWwUIkPw0GFPd8zPEKPDW9Ef95wgZ4SqF83LhY SzB3tPuUHqUAxYh5+sgz/1rIPpP4Iy5dY0FmYdWq2/vmNIqJ6g==
X-Google-Smtp-Source: ABdhPJwhmy/aF2ml6MYwz5iT9PT9U4eNTMNUgVcy8fmKaM3+wwHxJbHbP9lZjfaIuiGpgTl8+FSV4TcKG8qibkQWX5w=
X-Received: by 2002:adf:cd8c:: with SMTP id q12mr902631wrj.43.1621459783922; Wed, 19 May 2021 14:29:43 -0700 (PDT)
MIME-Version: 1.0
From: Erik Nygren <erik+ietf@nygren.org>
Date: Wed, 19 May 2021 17:29:33 -0400
Message-ID: <CAKC-DJjSq2sVKsJphX4QQBHOBojnTVHNE-wkdnZyZtv8NiGpQA@mail.gmail.com>
To: "TLS@ietf.org" <tls@ietf.org>, Ben Schwartz <bemasc@google.com>, Mike Bishop <mbishop@evequefou.be>
Content-Type: multipart/alternative; boundary="0000000000007039a305c2b586a2"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/JqhlkWX0H1F4Hi4pjMOcn1tkm-I>
Subject: [TLS] Narrowing allowed characters in ALPN ?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 May 2021 21:29:49 -0000
With draft-ietf-dnsop-svcb-https being in WGLC in DNSOP, one feedback that has come up is that the escaping and parsing for SvcParamValues is complicated. Most of this complication comes from trying to support 8-bit clean ALPN values. Ideally in presentation format the ALPN list would be something like "h2,h3,http/1.1" but at the same time the current definition of ALPN as being a series of binary octets means that we need parsing and escaping rules. When httpbis defined Alt-Svc, quite a bit of complexity showed up there as well for supporting an 8-bit-clean ALPN value while allowing for an ascii representation for most codepoints. It seems likely that other specifications may run into the same challenge. Would there be support for updating the ALPN registry to indicate that registered ALPN values need to conform to a subset of token characters? There is a separate question for the process of making this change, but before even exploring that it seems necessary to ask the TLS WG if there are strong opinions on this one way or the other. >From a usability perspective, non-token ALPN values will have challenges in many of the systems that may try and configure them, as well as for rendering special characters in various systems that may handle ALPNs. The codepoint space is also massive so it isn't clear that there's a compelling need to support 8-bit ALPN from a code point conservation perspective. Erik
- [TLS] Narrowing allowed characters in ALPN ? Erik Nygren
- Re: [TLS] Narrowing allowed characters in ALPN ? Salz, Rich
- Re: [TLS] Narrowing allowed characters in ALPN ? Christian Huitema
- Re: [TLS] Narrowing allowed characters in ALPN ? Martin Thomson
- Re: [TLS] Narrowing allowed characters in ALPN ? Viktor Dukhovni
- Re: [TLS] Narrowing allowed characters in ALPN ? Ryan Sleevi
- Re: [TLS] Narrowing allowed characters in ALPN ? Mark Nottingham
- Re: [TLS] Narrowing allowed characters in ALPN ? Salz, Rich
- Re: [TLS] Narrowing allowed characters in ALPN ? Ben Schwartz
- Re: [TLS] Narrowing allowed characters in ALPN ? David Benjamin
- Re: [TLS] Narrowing allowed characters in ALPN ? Viktor Dukhovni
- Re: [TLS] Narrowing allowed characters in ALPN ? Viktor Dukhovni
- Re: [TLS] Narrowing allowed characters in ALPN ? Christian Huitema
- Re: [TLS] [EXTERNAL] Re: Narrowing allowed charac… Andrei Popov
- Re: [TLS] [EXTERNAL] Re: Narrowing allowed charac… Viktor Dukhovni
- Re: [TLS] [EXTERNAL] Re: Narrowing allowed charac… Ryan Sleevi
- Re: [TLS] [EXTERNAL] Re: Narrowing allowed charac… Viktor Dukhovni
- Re: [TLS] [EXTERNAL] Re: Narrowing allowed charac… Nick Harper
- Re: [TLS] [EXTERNAL] Re: Narrowing allowed charac… Viktor Dukhovni
- Re: [TLS] [EXTERNAL] Re: Narrowing allowed charac… Nick Harper
- Re: [TLS] [EXTERNAL] Re: Narrowing allowed charac… Viktor Dukhovni