Re: [TLS] TLS 1.3 Application Identifier ?

Pascal Urien <pascal.urien@gmail.com> Wed, 16 July 2014 13:32 UTC

In-Reply-To: <ce96173c-e886-4c90-a567-8fd445ed7169@email.android.com>
References: <CAEQGKXRhAh2BvwY0xCCf-BN6kh37_athgYQ+Ha7LJE0DYvSCVg@mail.gmail.com> <ce96173c-e886-4c90-a567-8fd445ed7169@email.android.com>
Date: Wed, 16 Jul 2014 15:32:09 +0200
Message-ID: <CAEQGKXTby0hwY+Ttxki1CJ7aimkGOgEuxcGcMw2z_HQt3H0-LQ@mail.gmail.com>
From: Pascal Urien <pascal.urien@gmail.com>
To: Alyssa Rowan <akr@akr.io>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/V4Er-fFSpOsSiwIe69E-Gla8DHA
Cc: "tls@ietf.org" <tls@ietf.org>

It could be like ALPN.

But ALPN is an extension from previous versions of TLS, and is not mandatory

Pascal


2014-07-16 11:17 GMT+02:00 Alyssa Rowan <akr@akr.io>:

> On 16 July 2014 09:32:31 BST, Pascal Urien <pascal.urien@gmail.com> wrote:
>
> >It seems there is no identifier for the application SDU transported by
> >TLS 1.3 (which is obviously a transport protocol).
> >
> >With the legacy TLS, the application is identified by a TCP or UDP port.
> >Some TLS extensions have been proposed to solve this issue.
>
> Perhaps I am misunderstanding: are you not describing ALPN? It seems what
> you want is an ALPN identifier for your protocol, am I correct?
>
> ALPN seems to be proposed as the preferred way to do this for 1.3, is my
> understanding.
>
> There are obvious metadata concerns involving an untrusted intermediary
> identifying and demultiplexing different applications transported over TLS
> (current ALPN is plaintext) and ways to address this are being explored by
> the WG (although this has tension with those who run large-scale traffic
> balancers which would prefer to avoid doing crypto for both scale and key
> security reasons; I'm not sure that can be cleanly resolved in a
> privacy-preserving manner which satisfies everyone).
>
> --
> /akr
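To make concrete the point raised in the thread that current ALPN is plaintext, here is an added Python example (not from the thread or from any TLS implementation) that hand-builds a minimal ClientHello record carrying an ALPN extension and then reads the protocol names back out of the raw record bytes, which is exactly what an on-path middlebox or a monitoring sensor can do before any key exchange completes. The byte layout follows the ClientHello and ALPN (RFC 7301, extension type 16) encodings; the sample record, its dummy random bytes and its single cipher suite are constructed for the example.

```python
import struct

ALPN_EXT_TYPE = 16  # RFC 7301: application_layer_protocol_negotiation

def build_alpn_ext(protocols):
    """Encode an ALPN extension listing the given protocol names."""
    names = b"".join(bytes([len(p)]) + p.encode() for p in protocols)
    proto_list = struct.pack("!H", len(names)) + names
    return struct.pack("!HH", ALPN_EXT_TYPE, len(proto_list)) + proto_list

def build_client_hello(protocols):
    """Constructed sample: a minimal ClientHello record with only an ALPN extension."""
    body = b"\x03\x03" + b"\x11" * 32            # client_version, random (dummy bytes)
    body += b"\x00"                               # empty session_id
    body += b"\x00\x02\xc0\x2f"                   # one cipher suite
    body += b"\x01\x00"                           # null compression only
    ext = build_alpn_ext(protocols)
    body += struct.pack("!H", len(ext)) + ext     # extensions vector
    hs = b"\x01" + len(body).to_bytes(3, "big") + body   # handshake type 1 = client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs  # record type 22 = handshake

def extract_alpn(record):
    """Return ALPN names readable from a cleartext ClientHello record, or []."""
    try:
        if record[0] != 0x16 or record[5] != 0x01:
            return []
        p = 5 + 4 + 2 + 32                 # record hdr, handshake hdr, version, random
        p += 1 + record[p]                 # session_id
        p += 2 + struct.unpack("!H", record[p:p + 2])[0]   # cipher_suites
        p += 1 + record[p]                 # compression_methods
        if p + 2 > len(record):            # no extensions field at all
            return []
        end = p + 2 + struct.unpack("!H", record[p:p + 2])[0]
        p += 2
        while p + 4 <= min(end, len(record)):
            etype, elen = struct.unpack("!HH", record[p:p + 4])
            p += 4
            if etype == ALPN_EXT_TYPE:
                data = record[p + 2:p + elen]          # skip the 2-byte list length
                names, q = [], 0
                while q < len(data):
                    n = data[q]
                    names.append(data[q + 1:q + 1 + n].decode("ascii", "replace"))
                    q += 1 + n
                return names
            p += elen
    except (IndexError, struct.error):     # truncated or malformed record
        pass
    return []
```

Because the names come straight out of the unencrypted handshake, a network sensor can classify flows by ALPN value with no keys at all, which is the metadata exposure the thread discusses.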