Re: [TLS] [Uta] Recommending ALPN (was Re: [dns-privacy] Martin Duke's No Objection on draft-ietf-dprive-xfr-over-tls-11 ...)

Martin Thomson <mt@lowentropy.net> Fri, 30 April 2021 06:46 UTC

Return-Path: <mt@lowentropy.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3DEAF3A16CE; Thu, 29 Apr 2021 23:46:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=lowentropy.net header.b=LGvRzBhK; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=Jf6a750H
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GathdkQnCODv; Thu, 29 Apr 2021 23:46:29 -0700 (PDT)
Received: from wout2-smtp.messagingengine.com (wout2-smtp.messagingengine.com [64.147.123.25]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A78823A16CD; Thu, 29 Apr 2021 23:46:29 -0700 (PDT)
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.west.internal (Postfix) with ESMTP id 8376013EA; Fri, 30 Apr 2021 02:46:25 -0400 (EDT)
Received: from imap10 ([10.202.2.60]) by compute1.internal (MEProxy); Fri, 30 Apr 2021 02:46:25 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lowentropy.net; h=mime-version:message-id:in-reply-to:references:date:from:to :cc:subject:content-type; s=fm2; bh=/7rAnPCAAt+Chn+6ULuZvQVxUYX2 r4qeNgu5fnm4igI=; b=LGvRzBhKl9rQXY/7w8OYM/12/x9thno+YntXiCXBQD2c NPPNePFLpE8TTeYdX0+AOkPwd3j58l0ogR0nF8UGeWh3qqfBZ/JVTAJXEalRbYdN kuB3o2UwEhrBph+1L6AaYkOpysOsbzXP2PNn3RODZiAJrwYiSeW/Oy3ooauZ554L i3Lk0NCS8zBSgF44s19Qu0w82vG4lviTEWHURn852ORoGCCDGZYOHLKBG/OasLb1 VJ4MaK1za2LQmeac0f+74XMLUx3H08aNBiE/Di2UTvtSOolLqySea8kC0MAAiA4m XdnNCdxs6ZXAgpehsZfZHmOdfzcRzU1Z0sF/E8v++A==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=/7rAnP CAAt+Chn+6ULuZvQVxUYX2r4qeNgu5fnm4igI=; b=Jf6a750HQP5pNfPLkQWJoT rk/X2GD8GIu5bXgE1zQkwzAl5u46fAvulo+MxmhXg80W6JKRo/akAcbiHeH7DASF XErbz9TridfT+ZRgNjvj0vhg1P76sLo95zCBDS6ta8JXC5DIkDdcdNE6pR6cFb4D mPNfna959ubno/yR3mKE+GNk4Co+4VXnyzukpV0n3lQV0JtGmTNvwj9sOohTUXU8 3lTlF7FWZ7F4VpDchoQ2T0ajdaj1YAO7l+xDNJjkKomTzrP8xAGAYFtx4nFCLCrw Oa5d+tNYtWfUqAqHmvHY/spdFEUuXyovBn+OEmYSTLQhNGmtQ8dj4IuWV799sTbA ==
X-ME-Sender: <xms:wKeLYILlfz9QI5uQLCYooaAiIh7WLLNAG6OAkHeWssxQLRSo7K07-w> <xme:wKeLYIKgdYmqMeXCe5dz6zGr8G9iRmHKT9H1YLgdVr5qP4EBmaqZUCWxpcdJVdK5Z IqkuzGqQEmq5l8x9FU>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduledrvddvhedguddutdcutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd enucfjughrpefofgggkfgjfhffhffvufgtsehttdertderreejnecuhfhrohhmpedfofgr rhhtihhnucfvhhhomhhsohhnfdcuoehmtheslhhofigvnhhtrhhophihrdhnvghtqeenuc ggtffrrghtthgvrhhnpeehfeetudduudehtdekhfdvhfetleffudejgeejffehffevkedu iefgueevkeefleenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfh hrohhmpehmtheslhhofigvnhhtrhhophihrdhnvght
X-ME-Proxy: <xmx:wKeLYIt7guBuZ2hphWpU4Bm47XdO0NXr2TJgVclqLJWlt_H_eRdgsQ> <xmx:wKeLYFbolIXeSwel-97akqn1aTZdp1_qIVYM3FlkCYuGs3IqMyk0zw> <xmx:wKeLYPb0r6jb9NU_YMQT3GZemqnzAy6u0Ft2-RmBVD4qMHdZ4XA_0A> <xmx:waeLYABf8VM6N_NY0ipQYO2_zPQgpj8uwR0ySXZ6aeFSZ69dFtV6eA>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id C221F4E00B9; Fri, 30 Apr 2021 02:46:24 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.5.0-alpha0-403-gbc3c488b23-fm-20210419.005-gbc3c488b
Mime-Version: 1.0
Message-Id: <2d256f02-95f8-44e5-93ab-239478a53a41@www.fastmail.com>
In-Reply-To: <0f9101d73d89$a3f252e0$ebd6f8a0$@gmail.com>
References: <161921129877.20343.10624609154750488813@ietfa.amsl.com> <034F6C49-0195-4FAF-9EF2-1E39E809F902@sinodun.com> <7d8fa1d2-ef1a-4ed3-b660-955248a4ec63@www.fastmail.com> <753E5DAA-37C6-4F82-829D-29DA5458C1DB@akamai.com> <fe80ee08-eebc-45cf-8d83-51f2da83cb96@www.fastmail.com> <0f9101d73d89$a3f252e0$ebd6f8a0$@gmail.com>
Date: Fri, 30 Apr 2021 16:46:05 +1000
From: "Martin Thomson" <mt@lowentropy.net>
To: "Valery Smyslov" <smyslov.ietf@gmail.com>
Cc: uta@ietf.org, tls@ietf.org
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/ebbgR38bwMijqow1xjWYIKXCgN8>
Subject: Re: [TLS] =?utf-8?q?=5BUta=5D_Recommending_ALPN_=28was_Re=3A___=5Bdn?= =?utf-8?q?s-privacy=5D_Martin_Duke=27s_No_Objection_on_draft-ietf-dprive-?= =?utf-8?q?xfr-over-tls-11_=2E=2E=2E=29?=
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Apr 2021 06:46:35 -0000

On Fri, Apr 30, 2021, at 16:25, Valery Smyslov wrote:
> The original motivation for 7525bis was to update RFC 7525 in light of 
> TLS 1.3 appearance.
> However, I believe that recommendations for using ALPN are in scope of 
> this document.

How about a new Section 3.7 "Application-Layer Protocol Negotiation":

---
TLS implementations MUST support the Application-Layer Protocol Negotiation (ALPN) extension [RFC7301].  Correct use of ALPN ensures that clients and servers agree on a negotiated protocol.

Newly defined application protocols that use TLS MUST define an ALPN identifier and mandate the use of ALPN for negotiating the protocol.

An existing application protocol might not have been assigned an ALPN identifier.  For other protocols the ALPN identifier might not have been part of the original protocol definition, or use of ALPN might have been defined originally as being optional.  In all of these cases, implementations cannot require the use of ALPN.  A server implementation MUST fail a connection attempt with a fatal "no_application_protocol" alert if it is configured to use a protocol that has no assigned ALPN identifier and a client offers an "application_layer_protocol_negotiation" extension.
---

This last bit might be an update to RFC 7301, but it's important for protecting against cross-protocol attacks on clients that support protocols with ALPN identifiers where the use of ALPN is not guaranteed.