Re: [TLS] TLS 1.3 Application Identifier ?

Paul Lambert <paul@marvell.com> Thu, 17 July 2014 16:05 UTC

Return-Path: <paul@marvell.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1CC1A1B27B6 for <tls@ietfa.amsl.com>; Thu, 17 Jul 2014 09:05:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.266
X-Spam-Level:
X-Spam-Status: No, score=-2.266 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, IP_NOT_FRIENDLY=0.334, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3fl5g67kwgJI for <tls@ietfa.amsl.com>; Thu, 17 Jul 2014 09:05:33 -0700 (PDT)
Received: from mx0a-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DF95F1A0181 for <tls@ietf.org>; Thu, 17 Jul 2014 09:05:33 -0700 (PDT)
Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.14.5/8.14.5) with SMTP id s6HG3vbN019179; Thu, 17 Jul 2014 09:05:32 -0700
Received: from sc-owa04.marvell.com ([199.233.58.150]) by mx0a-0016f401.pphosted.com with ESMTP id 1n6d4t0vy6-1 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT); Thu, 17 Jul 2014 09:05:32 -0700
Received: from SC-vEXCH2.marvell.com ([10.93.76.134]) by SC-OWA04.marvell.com ([fe80::e56e:83a7:9eef:b5a1%16]) with mapi; Thu, 17 Jul 2014 09:05:31 -0700
From: Paul Lambert <paul@marvell.com>
To: Mohamad Badra <mbadra@gmail.com>, Pascal Urien <pascal.urien@gmail.com>, "tls@ietf.org" <tls@ietf.org>
Date: Thu, 17 Jul 2014 09:05:29 -0700
Thread-Topic: [TLS] TLS 1.3 Application Identifier ?
Thread-Index: Ac+h2O6I8sP7r32/RACyaL4RLCxwYQ==
Message-ID: <CFED4154.45D24%paul@marvell.com>
References: <CAEQGKXRhAh2BvwY0xCCf-BN6kh37_athgYQ+Ha7LJE0DYvSCVg@mail.gmail.com> <CAOhHAXxdDqhKu1+d4EUx-=yyJqDhX7i2sFjGTAqo0FP9ox7KxQ@mail.gmail.com>
In-Reply-To: <CAOhHAXxdDqhKu1+d4EUx-=yyJqDhX7i2sFjGTAqo0FP9ox7KxQ@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.4.2.140509
acceptlanguage: en-US
Content-Type: multipart/alternative; boundary="_000_CFED415445D24paulmarvellcom_"
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.12.52, 1.0.14, 0.0.0000 definitions=2014-07-17_05:2014-07-17,2014-07-17,1970-01-01 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 suspectscore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=7.0.1-1402240000 definitions=main-1407170175
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/VpLWNfxiy1yV7oM9HdXmJVNHwbU
Subject: Re: [TLS] TLS 1.3 Application Identifier ?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Jul 2014 16:05:38 -0000

It may or may not map well into TLS, but in other forums, we’re using a 6  octet identifier to describe services (aka applications).
It’s formed as a truncated hash of a “service name”

       serviceId = SHA256( serviceName )[0:6]

It can also be obscured by concatenating the Service Name with a key before creating the identifier.

Paul


Hi Pascal
You may have a look at the following document:
http://tools.ietf.org/html/draft-badra-tls-multiplexing-01
Or
http://tools.ietf.org/html/draft-badra-hajjeh-mtls-06

Best regards
Badra


On Wed, Jul 16, 2014 at 12:32 PM, Pascal Urien <pascal.urien@gmail.com<mailto:pascal.urien@gmail.com>> wrote:

Hi All

It seems there is no identifier for the application SDU transported by  TLS 1.3 (which is obviously a transport protocol)

With the legacy TLS, the application is identified by a TCP or UDP port. Some TLS extensions have been proposed to solve this issue.

What about adding a mandatory application identifier in the client hello message?.

It could be a two bytes integer (i.e. TCP or UDP port) or something else such as an application name

A mandatory application identifier in the client hello message avoids tentative connections to non-available applications. It also could establish a logical link between client certificate and applications

Regards

Pascal Urien



_______________________________________________
TLS mailing list
TLS@ietf.org<mailto:TLS@ietf.org>
https://www.ietf.org/mailman/listinfo/tls