Re: [TLS] Next Protocol Negotiation 03
Andrei Popov <Andrei.Popov@microsoft.com> Thu, 15 November 2012 19:43 UTC
Paul Hoffman [mailto:paul.hoffman@vpnc.org] wrote:

> On Nov 14, 2012, at 3:30 PM, Andrei Popov <Andrei.Popov@microsoft.com> wrote:
>
> > In those situations where the next protocol negotiation needs to be confidential, one could use TLS renegotiation. Alternatively, the next protocol can be negotiated after exchanging Finished messages, outside of the TLS handshake.
>
> Renegotiation adds round trips and complexity, as we have seen in this WG. "Outside of the TLS handshake" just pushes this off to layer 7 and forces a change to all application servers and clients to do the negotiation. It seems cleaner to keep this in TLS.

The servers and clients (and/or middleware that they use) will likely need an update anyway, in order to:

1. Enable the TLS-NPN extension;
2. Communicate next protocol options to the TLS layer;
3. Extract the negotiated protocol info from the TLS layer;
4. Switch to the negotiated protocol.

Andrei Popov
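Added example, not from this thread or from any implementation its participants maintain: the NPN wire encoding behind steps 2 and 3 above (handing the protocol list to the TLS layer, reading the selection back out), written from the layout of draft-agl-tls-nextprotoneg-03 as the editor recalls it. It assumes extension type 13172, NextProtocol handshake type 67 and the 32-byte padding rule; the server's list rides in the ServerHello in the clear, while the client's NextProtocol message follows ChangeCipherSpec and is therefore encrypted and length-padded, which is the confidentiality split the exchange above is arguing about.

```python
# Constants as recalled from draft-agl-tls-nextprotoneg-03 (assumption, not from the thread).
NPN_EXTENSION_TYPE = 13172          # next_protocol_negotiation (0x3374)
NEXT_PROTOCOL_HANDSHAKE_TYPE = 67   # NextProtocol handshake message


def encode_server_protocol_list(protocols):
    """ServerHello extension body: each name as <1-byte length><name>. Sent in the clear."""
    body = b""
    for name in protocols:
        raw = name.encode("ascii")
        if not 0 < len(raw) < 256:
            raise ValueError("protocol name length must be 1..255")
        body += bytes([len(raw)]) + raw
    return body


def decode_server_protocol_list(body):
    """Parse the cleartext list; rejects truncated or zero-length entries."""
    protocols, i = [], 0
    while i < len(body):
        n = body[i]
        i += 1
        if n == 0 or i + n > len(body):
            raise ValueError("malformed protocol list")
        protocols.append(body[i:i + n].decode("ascii"))
        i += n
    return protocols


def select_protocol(client_prefs, server_list):
    """Client picks its most preferred protocol the server offers; falls back to the
    server's first entry (the draft's fallback as the editor recalls it; assumption)."""
    for p in client_prefs:
        if p in server_list:
            return p
    return server_list[0]


def encode_next_protocol(selected):
    """NextProtocol body: selected_protocol<0..255> then padding<0..255>.
    padding_len = 32 - ((len + 2) % 32) makes every body a multiple of 32 bytes,
    so the encrypted record does not leak the selection's length."""
    raw = selected.encode("ascii")
    padding_len = 32 - ((len(raw) + 2) % 32)
    return bytes([len(raw)]) + raw + bytes([padding_len]) + b"\x00" * padding_len


def decode_next_protocol(body):
    """Server side of step 3: recover the selection and verify the padding framing."""
    n = body[0]
    raw = body[1:1 + n]
    padding_len = body[1 + n]
    if len(body) != 2 + n + padding_len or len(body) % 32 != 0:
        raise ValueError("malformed NextProtocol message")
    return raw.decode("ascii")
```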