Re: [TLS] Encrypting ALPN and other unused extensions
Watson Ladd <watsonbladd@gmail.com> Sat, 26 April 2014 02:34 UTC
Return-Path: <watsonbladd@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BDC861A02D2 for <tls@ietfa.amsl.com>; Fri, 25 Apr 2014 19:34:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YCov7rsu8QbF for <tls@ietfa.amsl.com>; Fri, 25 Apr 2014 19:34:33 -0700 (PDT)
Received: from mail-yh0-x22e.google.com (mail-yh0-x22e.google.com [IPv6:2607:f8b0:4002:c01::22e]) by ietfa.amsl.com (Postfix) with ESMTP id E692A1A03DB for <tls@ietf.org>; Fri, 25 Apr 2014 19:34:32 -0700 (PDT)
Received: by mail-yh0-f46.google.com with SMTP id c41so3089868yho.33 for <tls@ietf.org>; Fri, 25 Apr 2014 19:34:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=geEgxF/PIL3hzIm/zujuGAUS6D6FvuDVkeEgB4CqstY=; b=ith61Wbe04AHo5cGvaO8huhxK5uopGL1SDUPPEL7B+06pXEQB5Lo8i+f7GElIKzTpc K0Wn2KoIAdQRRcM7zuCox7q1ObVUQSdY4uQvYzcqmja+rjL4y2t3qhFdAsAgM2z7K1R7 3S7GaTp0f4WAW9wjEhB8lkj+kr2xNCmajGKD+TBQ8KYUAJYBLnXVzIf14YqPkK/Q/EK1 iaWXh5ACt47GzMPO8PuRXJgFaywRTm1bHFj/JvA/6Wx34A5IaSE7KN8jGBcz109Y3xo3 k8E4ucpN4eIlsSFJqWVB7+DQfAmDpq6d0768O/NHPPWyixARAVbVhVeiOy0RPupWFUm+ 9V5w==
MIME-Version: 1.0
X-Received: by 10.236.94.197 with SMTP id n45mr17156023yhf.46.1398479666235; Fri, 25 Apr 2014 19:34:26 -0700 (PDT)
Received: by 10.170.63.197 with HTTP; Fri, 25 Apr 2014 19:34:26 -0700 (PDT)
In-Reply-To: <D40A7DE25C5AA54195F82EA553F24460098E8321CB@USMBX1.msg.corp.akamai.com>
References: <535A8CED.7030805@pobox.com> <20140425173608.E1A2E1ACE0@ld9781.wdf.sap.corp> <D40A7DE25C5AA54195F82EA553F24460098E8321CB@USMBX1.msg.corp.akamai.com>
Date: Fri, 25 Apr 2014 19:34:26 -0700
Message-ID: <CACsn0cmcNXksu0ig8ZzkuAwBGrBSPv2yAg8XdBDC72j4F2HBJg@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
To: "Gero, Charlie" <cgero@akamai.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/dVIxCENKMh3SEzgt5h1kaZ1oOEs
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Encrypting ALPN and other unused extensions
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 26 Apr 2014 02:34:35 -0000
On Fri, Apr 25, 2014 at 11:20 AM, Gero, Charlie <cgero@akamai.com> wrote: > Why is there no need for the TLS stack to use this information? If SNI is enabled, it can be what the server uses to select the certificate and possibly the cipher it chooses to use on servers where IP space is limited. In your example, the dispatch server needs to use SNI (if not using distinguishable VIPs) in order to relay to the other machines. Cipher selection and certificate presentation is part of TLS, and SNI can be used as a selector for both. Additionally, Michael is correct in that ALPN could be used in the certificate selection process, but also in the cipher selection process. If the argument is that the application is really the layer that is using this information to inform the TLS layer what to do next, then that is semantics and hard to argue. But the intent is the same. SNI and ALPN can be used to alter the path the rest of the handshake takes (and for many hosts, will be the case). For SNI this is true. But ALPN? Remember it was introduced to handle HTTP 2.0 vs HTTP 1.0: I don't see people rushing out to use different certs per protocol. Authenticating services is an interesting idea, but if I trust a host, I can trust what it tells me about which service I connect to. (Paul Lambert asked me a related question: does TLS ensure that I'm talking to the right *port*? A quick read of RFC 5246 indicates it doesn't) Just because it's possible to pick a certificate based on something, doesn't mean people do it. Secondly, I don't like the idea of having two handshakes with different security properties. The lower one is the only one you can be sure you will get. I also think that forcing 1-RTT to depend on knowing a semi-static key is unnecessary, and while browsers will do it, it's more generally useful and so we should work to preserve it for programmatic clients. (Yes, programmatic clients can use an interface for storing these keys. However, it is more complicated than if they do not, and makes the API a bit messy) 0-RTT requires a semi-static key: no two ways around it. Sincerely, Watson Ladd > > -----Original Message----- > From: Martin Rex [mailto:mrex@sap.com] > Sent: Friday, April 25, 2014 1:36 PM > To: Michael D'Errico > Cc: tls@ietf.org > Subject: Re: [TLS] Encrypting ALPN and other unused extensions > > Michael D'Errico wrote: >> Watson Ladd wrote: >> > >> > Some extensions aren't used by the TLS layer, like ALPN. >> >> ALPN is used by the TLS layer. The requested protocol is one of >> several inputs to a server's certificate selection algorithm, along >> with the SNI. > > I agree that the information is conveyed within the TLS protocol, so the TLS stack may need to be able to pass this information between TLS stack an application, but there is no need that the TLS stack uses this information for anything. > > With TLS extension SNI, the server side TLS stack might even completely ignore the information, i.e. not implement it. > > A Hosting provider could set up an SNI-aware load balancer and dispatch/NAT incoming TLS sessions in opaque fashion to individual TLS servers, and the individual server can just ignore the contents of TLS extension SNI (or may not even implement it), and virtual hosting would still work just fine. There would be no server name confirmantion in ServerHello extensions, but that is a quite irrelevant part of TLS extension SNI. > > > -Martin > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls -- "Those who would give up Essential Liberty to purchase a little Temporary Safety deserve neither Liberty nor Safety." -- Benjamin Franklin
- [TLS] Encrypting ALPN and other unused extensions Watson Ladd
- Re: [TLS] Encrypting ALPN and other unused extens… Eric Rescorla
- Re: [TLS] Encrypting ALPN and other unused extens… Michael D'Errico
- Re: [TLS] Encrypting ALPN and other unused extens… Martin Thomson
- Re: [TLS] Encrypting ALPN and other unused extens… Martin Rex
- Re: [TLS] Encrypting ALPN and other unused extens… Gero, Charlie
- Re: [TLS] Encrypting ALPN and other unused extens… Watson Ladd
- Re: [TLS] Encrypting ALPN and other unused extens… Martin Thomson
- Re: [TLS] Encrypting ALPN and other unused extens… Michael D'Errico
- Re: [TLS] Encrypting ALPN and other unused extens… Paul Hoffman
- Re: [TLS] Encrypting ALPN and other unused extens… Peter Gutmann
- Re: [TLS] Encrypting ALPN and other unused extens… Watson Ladd
- Re: [TLS] Encrypting ALPN and other unused extens… Michael D'Errico
- Re: [TLS] Encrypting ALPN and other unused extens… Watson Ladd
- Re: [TLS] Encrypting ALPN and other unused extens… Salz, Rich