[TLS] WGLC comments on draft-ietf-tls-applayerprotoneg-01

Martin Thomson <martin.thomson@gmail.com> Mon, 19 August 2013 18:04 UTC

Date: Mon, 19 Aug 2013 11:04:01 -0700
Message-ID: <CABkgnnXUwLQnVNt19Advb3s7ZGoc_Mrmr7AodigxZKyEZmPYwg@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: tls@ietf.org
Content-Type: text/plain; charset="UTF-8"
Subject: [TLS] WGLC comments on draft-ietf-tls-applayerprotoneg-01

I have read the draft and think that it is largely ready for
publication, though there are a few minor issues that should be
resolved regarding application strings.

(I sent some of these comments to the authors privately.)

Can I request that when you create the registry in ALPN that you do
not register HTTP/2.0?  More likely than not, ALPN will precede
HTTP/2.0 and I want to avoid having a dependency issue, particularly
if we find that we need to change the string for some reason.

I'm also a little concerned about the existence of a registration for
HTTP/1.1, particularly when that registration differs from the string
used in the protocol itself (even if only in letter case).  Have the
authors consulted the HTTPbis working group about these registrations?

The other issue is the definition of the 'exp' prefix.  RFC 6648
advises against defining such constructs.  I would prefer if this
prefix were not defined.
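The letter-case point above is easy to see in code. The following is an added example, not part of Martin Thomson's message or of the ALPN draft itself: a small Python encoder/decoder for the ALPN extension body (extension type 16 and the ProtocolNameList layout as published in RFC 7301) together with a server-side selection routine that compares identifiers as opaque octet strings. Because matching is byte-for-byte, a registry entry spelled "HTTP/1.1" would never match the "http/1.1" that implementations put on the wire. The protocol names in the sample input are constructed for the example.

```python
import struct

# IANA-assigned TLS extension type for ALPN (RFC 7301).
ALPN_EXTENSION_TYPE = 16


def encode_protocol_name_list(names):
    """Encode names as an ALPN ProtocolNameList:
    opaque ProtocolName<1..2^8-1>; ProtocolName protocol_name_list<2..2^16-1>.
    Strings are UTF-8 encoded; bytes are used verbatim (they are opaque octets)."""
    body = b""
    for name in names:
        if isinstance(name, str):
            name = name.encode("utf-8")
        if not 1 <= len(name) <= 255:
            raise ValueError("ProtocolName must be 1..255 octets")
        body += struct.pack("!B", len(name)) + name
    if not 2 <= len(body) <= 0xFFFF:
        raise ValueError("ProtocolNameList length out of range")
    return struct.pack("!H", len(body)) + body


def encode_alpn_extension(names):
    """Wrap the ProtocolNameList in a TLS Extension {type, length, data} triple."""
    data = encode_protocol_name_list(names)
    return struct.pack("!HH", ALPN_EXTENSION_TYPE, len(data)) + data


def decode_protocol_name_list(data):
    """Parse extension_data back into a list of opaque protocol names,
    rejecting truncated lists and zero-length names."""
    if len(data) < 2:
        raise ValueError("truncated ProtocolNameList")
    (total,) = struct.unpack("!H", data[:2])
    if total < 2 or total != len(data) - 2:
        raise ValueError("bad ProtocolNameList length")
    names = []
    pos, end = 2, 2 + total
    while pos < end:
        n = data[pos]
        pos += 1
        if n == 0 or pos + n > end:
            raise ValueError("bad ProtocolName length")
        names.append(data[pos:pos + n])
        pos += n
    return names


def select_protocol(client_names, server_preferences):
    """Server-side choice: the first server-preferred name the client offered.
    Names are compared as exact octet strings, so b'HTTP/1.1' != b'http/1.1'."""
    offered = set(client_names)
    for name in server_preferences:
        if name in offered:
            return name
    return None


if __name__ == "__main__":
    # Constructed sample: a client offering two protocols in its ClientHello.
    ext = encode_alpn_extension(["http/1.1", "spdy/3"])
    offered = decode_protocol_name_list(ext[4:])
    print("client offered:", offered)
    # A server configured with the capitalised registry spelling matches nothing.
    print("server prefers HTTP/1.1 ->", select_protocol(offered, [b"HTTP/1.1"]))
    # A server using the on-the-wire spelling negotiates successfully.
    print("server prefers http/1.1 ->", select_protocol(offered, [b"http/1.1"]))
```

Running the script shows the first selection returning None and the second returning b'http/1.1', which is the dependency problem the message is pointing at: a registry string that differs from what implementations actually send is, for negotiation purposes, a different protocol.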