Re: [TLS] Some missing context
Sean Turner <turners@ieca.com> Sun, 17 March 2013 21:44 UTC
Return-Path: <turners@ieca.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 38B6D21F8AC8 for <tls@ietfa.amsl.com>; Sun, 17 Mar 2013 14:44:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.745
X-Spam-Level:
X-Spam-Status: No, score=-101.745 tagged_above=-999 required=5 tests=[AWL=0.520, BAYES_00=-2.599, IP_NOT_FRIENDLY=0.334, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TKj1sSk7Q1a8 for <tls@ietfa.amsl.com>; Sun, 17 Mar 2013 14:44:36 -0700 (PDT)
Received: from gateway16.websitewelcome.com (gateway16.websitewelcome.com [69.56.206.4]) by ietfa.amsl.com (Postfix) with ESMTP id 9EBA421F8821 for <tls@ietf.org>; Sun, 17 Mar 2013 14:44:35 -0700 (PDT)
Received: by gateway16.websitewelcome.com (Postfix, from userid 5007) id 091048B5E7CF4; Sun, 17 Mar 2013 16:44:12 -0500 (CDT)
Received: from gator1743.hostgator.com (gator1743.hostgator.com [184.173.253.227]) by gateway16.websitewelcome.com (Postfix) with ESMTP id ECFC18B5E7CAD for <tls@ietf.org>; Sun, 17 Mar 2013 16:44:11 -0500 (CDT)
Received: from [198.180.150.142] (port=54194 helo=thunderfish.local) by gator1743.hostgator.com with esmtpsa (TLSv1:DHE-RSA-AES256-SHA:256) (Exim 4.80) (envelope-from <turners@ieca.com>) id 1UHLNa-0000fc-SS; Sun, 17 Mar 2013 16:44:34 -0500
Message-ID: <51463941.5040903@ieca.com>
Date: Sun, 17 Mar 2013 17:44:33 -0400
From: Sean Turner <turners@ieca.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:17.0) Gecko/20130307 Thunderbird/17.0.4
MIME-Version: 1.0
To: Yoav Nir <ynir@checkpoint.com>
References: <CABcZeBOFkcW6XvFqWivn4+WSac727iNVQYBumRBmagwBRv1UXg@mail.gmail.com> <E4EACC43-359D-40DF-933A-ED2DB678469A@checkpoint.com>
In-Reply-To: <E4EACC43-359D-40DF-933A-ED2DB678469A@checkpoint.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - gator1743.hostgator.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - ieca.com
X-BWhitelist: no
X-Source:
X-Source-Args:
X-Source-Dir:
X-Source-Sender: (thunderfish.local) [198.180.150.142]:54194
X-Source-Auth: sean.turner@ieca.com
X-Email-Count: 1
X-Source-Cap: ZG9tbWdyNDg7ZG9tbWdyNDg7Z2F0b3IxNzQzLmhvc3RnYXRvci5jb20=
Cc: "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] Some missing context
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 17 Mar 2013 21:44:41 -0000
Hums were taken on ALPN or NPN. After everybody chuckled about it being close. I agreed with Joe that there was a discernible preference for ALPN. I guess the next bit is where we differ. I think a show of hands is just another method the WG chairs can use to determine rough consensus, as documented in RFC 2818. Sure I counted 'em but just standing there looking at the room it was a clear 2/1 ratio for ALPN and that I'd argue that was rough consensus in the room. Then, the chairs took it to the list to confirm it on the list. spt On 3/15/13 7:46 PM, Yoav Nir wrote: > Hi > > I think some of the people who were not in the room are missing the context for this decision. > > Both NPN and ALPN accomplish the same thing. It is to negotiate the application level protocol that is going to run on top of TLS. Currently such negotiation is planned to distinguish between HTTP/1, HTTP/2, and draft versions of HTTP/2, but future applications may use this for other protocols (such as SSL-VPN tunneling clients) > > The difference between them, is that in ALPN the client proposes a list of applications, and the server chooses - all in the clear. With NPN, the server advertises a list of applications in the clear, while the client picks one after the CCS - in an encrypted handshake record. > > There is no question that adding NPN to an existing implementation of TLS requires more lines of code. > > Concerns were raised that middleware might block connections when it doesn't like the application chosen by the server in ALPN. With NPN, middleware that is not a full TLS proxy won't know just by looking at the handshake which protocol was chosen. > > At the meeting there was no rough consensus for either proposal. There was, however, rough consensus that making either decision is better than not making a decision. As someone (Sean?) put it, "deciding is more important than winning". This was also the position of the proponents of both proposals. Given this, we went to an alternate means of making the decision (although one that was not described in RFC 3929) and voted. The result was 25:!2 in favor of ALPN. > > There was also some discussion on the need to encrypt significant parts of the TLS handshake. This was viewed as orthogonal (no need to encrypt this particular piece of data, when other, more sensitive things are still sent in the clear) and may or may not be taken up by the group separately. > > I hope this helps those who were not in the room respond to Ekr's call. > > Yoav > > On Mar 15, 2013, at 5:45 PM, Eric Rescorla <ekr@rtfm.com> wrote: > >> At today's TLS WG f2f meeting we had rough consensus to adopt >> ALPN as the solution to the upper-layer protocol negotiation problem >> posed to us by the HTTP WG. >> >> if you have an opinion on this topic and were not at the meeting, >> please send a message to the mailing list and/or the chairs by >> Friday March 29. >> >> -Ekr >> [For the chairs] > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls >
- Re: [TLS] Confirming consensus for ALPN Mohamad Badra
- [TLS] Confirming consensus for ALPN Eric Rescorla
- Re: [TLS] Confirming consensus for ALPN Mohamad Badra
- Re: [TLS] Confirming consensus for ALPN Juho Vähä-Herttua
- Re: [TLS] Confirming consensus for ALPN Nico Williams
- Re: [TLS] Confirming consensus for ALPN Mohamad Badra
- Re: [TLS] Confirming consensus for ALPN Juho Vähä-Herttua
- Re: [TLS] Confirming consensus for ALPN Juho Vähä-Herttua
- [TLS] Some missing context (was: Confirming conse… Yoav Nir
- Re: [TLS] Some missing context Sean Turner
- Re: [TLS] Confirming consensus for ALPN Hill, Brad
- Re: [TLS] Confirming consensus for ALPN Adam Langley
- Re: [TLS] Confirming consensus for ALPN =JeffH
- Re: [TLS] Confirming consensus for ALPN Adam Langley