Re: [TLS] NextProtoNeg concerns
Yoav Nir <ynir@checkpoint.com> Sat, 19 November 2011 10:15 UTC
Return-Path: <ynir@checkpoint.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 99B6121F8A55 for <tls@ietfa.amsl.com>; Sat, 19 Nov 2011 02:15:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -11.409
X-Spam-Level:
X-Spam-Status: No, score=-11.409 tagged_above=-999 required=5 tests=[AWL=1.190, BAYES_00=-2.599, GB_I_LETTER=-2, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6FC2zf5hzMyu for <tls@ietfa.amsl.com>; Sat, 19 Nov 2011 02:15:26 -0800 (PST)
Received: from michael.checkpoint.com (smtp.checkpoint.com [194.29.34.68]) by ietfa.amsl.com (Postfix) with ESMTP id 67A0521F8591 for <tls@ietf.org>; Sat, 19 Nov 2011 02:15:26 -0800 (PST)
X-CheckPoint: {4EC7814E-1-1B221DC2-1FFFF}
Received: from il-ex01.ad.checkpoint.com (il-ex01.ad.checkpoint.com [194.29.34.26]) by michael.checkpoint.com (8.13.8/8.13.8) with ESMTP id pAJAFJYQ002023; Sat, 19 Nov 2011 12:15:23 +0200
Received: from il-ex03.ad.checkpoint.com (194.29.34.71) by il-ex01.ad.checkpoint.com (194.29.34.26) with Microsoft SMTP Server (TLS) id 8.3.213.0; Sat, 19 Nov 2011 12:15:19 +0200
Received: from il-ex01.ad.checkpoint.com ([126.0.0.2]) by il-ex03.ad.checkpoint.com ([194.29.34.71]) with mapi; Sat, 19 Nov 2011 12:15:19 +0200
From: Yoav Nir <ynir@checkpoint.com>
To: Adam Langley <agl@google.com>
Date: Sat, 19 Nov 2011 12:15:17 +0200
Thread-Topic: [TLS] NextProtoNeg concerns
Thread-Index: AcympCNFQSBzvpV9QZa1nAJfOx+nVw==
Message-ID: <A70306B3-5A72-435B-9685-94DB7E43C514@checkpoint.com>
References: <4F26370A-E4DA-4EDF-8D33-D77F2D9C89FB@checkpoint.com> <CAL9PXLxKuT_n22JjGYvtMqdNtvw3=N9Pev5Y8M4pzLn9Vq+zyQ@mail.gmail.com>
In-Reply-To: <CAL9PXLxKuT_n22JjGYvtMqdNtvw3=N9Pev5Y8M4pzLn9Vq+zyQ@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
x-kse-antivirus-interceptor-info: scan successful
x-kse-antivirus-info: Clean
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-KSE-AntiSpam-Interceptor-Info: protection disabled
Cc: "tls@ietf.org List" <tls@ietf.org>
Subject: Re: [TLS] NextProtoNeg concerns
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 19 Nov 2011 10:15:27 -0000
On Nov 18, 2011, at 2:32 PM, Adam Langley wrote: > On Fri, Nov 18, 2011 at 12:17 AM, Yoav Nir <ynir@checkpoint.com> wrote: >> If you are defining a new extension/handshake message to carry a new kind of data (application type) there is no value to this without a definition of the format, either in the same document or in a companion document. > > I agree. The current, sparse form of the draft was simply intended to > omit details in order that the more salient points be obvious. > > I would absolutely expect that any draft would end up specifying the > format of the messages; something like: > > "Protocols are named by opaque, non-empty byte strings and the list of > protocols is serialized as a concatenation of 8-bit, length prefixed > byte strings. Implementations MUST ensure that the empty string is not > included and no byte strings are truncated." > > "The NextProtocol message has the following format: > > struct { > opaque selected_protocol<0..255>; > opaque padding<0..255>; > } NextProtocol; > > The contents of selected_protocol are a protocol but need not have > been advertised by the server. The length of padding should be 32 - > ((len(selected_protocol) + 2) % 32). Note that len(selected_protocol) > does not include its length prefix." I would strongly prefer that it not say "opaque" but rather point to a registry of strings, similar to the TLS exporter label registry http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#exporter-labels That does not have to mean that you need to publish an RFC for each label. The label space is huge, even if we limit in to case-insensitive latin letters plus numbers, slash, point, dash and colon, and up to 12 characters, it still dwarfs the US national debt expressed in Taiwanese cents (assuming there is such a thing as a Taiwanese cent). So a registry like that could be set up on a fcfs basis, with some reserved prefixes (priv-, exp-, com-companyname-) that could be used without registration. Or maybe require a priv- or exp- prefix for anything not specified at all, FCFS or expert review for other prefixes, and standards action for things that don't have a prefix (like "http/1.1", or "SSTP" if Microsoft chooses to document it) Yoav
- [TLS] NextProtoNeg concerns Yoav Nir
- Re: [TLS] NextProtoNeg concerns Marsh Ray
- Re: [TLS] NextProtoNeg concerns Yoav Nir
- Re: [TLS] NextProtoNeg concerns Adam Langley
- Re: [TLS] NextProtoNeg concerns Yoav Nir
- Re: [TLS] NextProtoNeg concerns Adam Langley