Re: [TLS] New draft for "next protocol"

David Holmes <d.holmes@f5.com> Mon, 16 May 2011 03:45 UTC

From: David Holmes <d.holmes@f5.com>
To: Paul Hoffman <paul.hoffman@vpnc.org>, "tls@ietf.org" <tls@ietf.org>
Date: Mon, 16 May 2011 03:45:51 +0000
Message-ID: <4851D6E10A7F63448F4B32C3E2814AC91772C79D@SEAEMBX02.olympus.F5Net.com>
References: <24ADE5FF-FDEE-493E-A00A-F6C5F274A7C3@vpnc.org>
In-Reply-To: <24ADE5FF-FDEE-493E-A00A-F6C5F274A7C3@vpnc.org>

Very interesting!  I had assumed that the "next-protocol" extension was to inform the server (or proxy, or load-balancer) so that it could do better pre-loading, caching or optimizing.  I was surprised to see the extension described as a countermeasure for a cross-protocol attack.

Can you describe in more detail how the extension works against an attacker?  And let me apologize if this has already been discussed; I don't remember seeing it on the mailing list.