Re: [TLS] TLS 1.3 Application Identifier ?

Paul Lambert <> Thu, 17 July 2014 16:05 UTC

From: Paul Lambert <>
To: Mohamad Badra <>, Pascal Urien <>, "" <>
Date: Thu, 17 Jul 2014 09:05:29 -0700

It may or may not map well into TLS, but in other forums, we’re using a 6-octet identifier to describe services (aka applications).
It’s formed as a truncated hash of a “service name”:

       serviceId = SHA256( serviceName )[0:6]

It can also be obscured by concatenating the Service Name with a key before creating the identifier.


Hi Pascal
You may have a look at the following document:

Best regards

On Wed, Jul 16, 2014 at 12:32 PM, Pascal Urien <<>> wrote:

Hi All

It seems there is no identifier for the application SDU transported by TLS 1.3 (which is obviously a transport protocol).

With the legacy TLS, the application is identified by a TCP or UDP port. Some TLS extensions have been proposed to solve this issue.

What about adding a mandatory application identifier in the client hello message?

It could be a two-byte integer (i.e. TCP or UDP port) or something else such as an application name.

A mandatory application identifier in the client hello message avoids tentative connections to non-available applications. It also could establish a logical link between client certificate and applications.


Pascal Urien
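
The identifier scheme from Paul Lambert's reply, `SHA256( serviceName )[0:6]` with the optional key concatenation, as an added example that is not part of the thread. The UTF-8 encoding, the name-then-key order, the helper names, and the sample service names and key are assumptions or constructed values; the message specifies none of them.

```python
import hashlib
import math

ID_LEN = 6  # octets, as in the message: SHA256(serviceName)[0:6]

def service_id(service_name: str, key: bytes = b"") -> bytes:
    """Truncated SHA-256 of the service name, optionally followed by a key.

    Assumptions: UTF-8 encoding of the name and name-then-key order.
    """
    return hashlib.sha256(service_name.encode("utf-8") + key).digest()[:ID_LEN]

def build_index(names, key: bytes = b""):
    """Map identifier -> name for locally known services, refusing collisions."""
    index = {}
    for name in names:
        sid = service_id(name, key)
        if sid in index and index[sid] != name:
            raise ValueError(f"identifier collision: {name!r} vs {index[sid]!r}")
        index[sid] = name
    return index

def resolve(sid: bytes, index):
    """Return the service name for an identifier, or None if unknown."""
    return index.get(sid)

def collision_probability(n_services: int, bits: int = 8 * ID_LEN) -> float:
    """Birthday-bound estimate that any two of n names share an identifier."""
    return -math.expm1(-n_services * (n_services - 1) / (2.0 * 2 ** bits))

# Constructed sample data (not from the thread).
KNOWN = ["printer.example", "chat.example", "file-share.example"]
GROUP_KEY = b"constructed-demo-key"

if __name__ == "__main__":
    plain = build_index(KNOWN)
    keyed = build_index(KNOWN, GROUP_KEY)
    advertised = service_id("chat.example")
    obscured = service_id("chat.example", GROUP_KEY)
    # The plain identifier resolves for anyone who holds a list of names.
    print(advertised.hex(), resolve(advertised, plain))
    # The obscured identifier does not resolve without the key.
    print(obscured.hex(), resolve(obscured, plain))
    # Key holders resolve it as usual.
    print(resolve(obscured, keyed))
    print(f"{collision_probability(1_000_000):.4f}")
```

The unkeyed identifier is a lookup handle rather than a secret: anyone with a list of candidate service names can recompute it, which is the case the keyed form addresses.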
