Re: [TLS] In ALPN, why is server response a MAY?

Andrei Popov <Andrei.Popov@microsoft.com> Wed, 08 October 2014 21:23 UTC

From: Andrei Popov <Andrei.Popov@microsoft.com>
To: "Salz, Rich" <rsalz@akamai.com>, Martin Thomson <martin.thomson@gmail.com>
Date: Wed, 08 Oct 2014 21:23:12 +0000
Cc: "TLS@ietf.org (tls@ietf.org)" <tls@ietf.org>
Subject: Re: [TLS] In ALPN, why is server response a MAY?

If the server does not reply to ALPN, I think a client can:
a) Attempt to proceed with some default application protocol (likely HTTP/1.1 for Web browsers), or
b) Use an alternative application protocol negotiation mechanism, if available (e.g. application-specific negotiation after the TLS handshake), or
c) Terminate the handshake if there is no useful default and no alternative protocol negotiation mechanism.

Cheers,

Andrei

-----Original Message-----
From: TLS [mailto:tls-bounces@ietf.org] On Behalf Of Salz, Rich
Sent: Wednesday, October 8, 2014 2:04 PM
To: Martin Thomson
Cc: TLS@ietf.org (tls@ietf.org)
Subject: Re: [TLS] In ALPN, why is server response a MAY?

> I'm guessing that servers are able to pretend not to support ALPN at 
> their convenience.

So then a client should assume that ALPN isn't supported and their request wasn't honored?


--
Principal Security Engineer, Akamai Technologies
IM: rsalz@jabber.me Twitter: RichSalz

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
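The client-side handling Andrei lists above, as an added Python example (not code from the thread or from any TLS library): it checks whether a TLS 1.2 ServerHello actually answered the client's ALPN offer, then applies options a), b) or c). The ServerHello bytes are constructed by the helper here, and the function names are mine.

```python
import struct

ALPN_EXT = 0x0010  # application_layer_protocol_negotiation extension type (RFC 7301)

def parse_server_hello_alpn(msg):
    """Return the protocol the server selected via ALPN, or None when the
    ServerHello carries no ALPN extension. `msg` is one Handshake message
    (type byte + 3-byte length + TLS 1.2 ServerHello body)."""
    if len(msg) < 4 or msg[0] != 2:
        raise ValueError("not a ServerHello handshake message")
    body = msg[4:4 + int.from_bytes(msg[1:4], "big")]
    pos = 2 + 32                                   # legacy_version + random
    pos += 1 + body[pos]                           # session_id
    pos += 2 + 1                                   # cipher_suite + compression_method
    if pos >= len(body):
        return None                                # no extensions block at all
    end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
    pos += 2
    while pos + 4 <= end:
        etype, elen = struct.unpack_from("!HH", body, pos)
        data, pos = body[pos + 4:pos + 4 + elen], pos + 4 + elen
        if etype == ALPN_EXT:
            list_len, name_len = struct.unpack_from("!HB", data, 0)
            if name_len == 0 or list_len != name_len + 1:
                raise ValueError("server must select exactly one protocol")
            return data[3:3 + name_len].decode("ascii")
    return None                                    # silent server: the case in the thread

def choose_protocol(selected, offered, default=None, has_alt=False):
    """Client policy for the server's ALPN answer (None = server was silent)."""
    if selected is not None:
        if selected not in offered:
            raise ValueError("server selected a protocol the client never offered")
        return ("alpn", selected)
    if default is not None:
        return ("default", default)                # option a): e.g. HTTP/1.1 for browsers
    if has_alt:
        return ("alternative", None)               # option b): negotiate after the handshake
    raise ConnectionError("no ALPN answer, no default, no alternative: terminate")  # option c)

def build_server_hello(alpn=None):
    """Constructed minimal TLS 1.2 ServerHello (zero random, no session id,
    cipher suite 0xC02F) with or without an ALPN answer."""
    body = b"\x03\x03" + bytes(32) + b"\x00" + b"\xc0\x2f" + b"\x00"
    if alpn is not None:
        name = alpn.encode("ascii")
        pnl = struct.pack("!HB", len(name) + 1, len(name)) + name
        ext = struct.pack("!HH", ALPN_EXT, len(pnl)) + pnl
        body += struct.pack("!H", len(ext)) + ext
    return b"\x02" + len(body).to_bytes(3, "big") + body
```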