Re: [TLS] Next Protocol Negotiation 03
Michael D'Errico <mike-list@pobox.com> Wed, 25 April 2012 16:42 UTC
Return-Path: <mike-list@pobox.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 49C1F21F8697 for <tls@ietfa.amsl.com>; Wed, 25 Apr 2012 09:42:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.339
X-Spam-Level:
X-Spam-Status: No, score=-2.339 tagged_above=-999 required=5 tests=[AWL=0.260, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 55N7v4KBJuri for <tls@ietfa.amsl.com>; Wed, 25 Apr 2012 09:42:40 -0700 (PDT)
Received: from sasl.smtp.pobox.com (a-pb-sasl-sd.pobox.com [74.115.168.62]) by ietfa.amsl.com (Postfix) with ESMTP id 74EBB21F8693 for <tls@ietf.org>; Wed, 25 Apr 2012 09:42:40 -0700 (PDT)
Received: from sasl.smtp.pobox.com (unknown [127.0.0.1]) by a-pb-sasl-sd.pobox.com (Postfix) with ESMTP id 7139B9505; Wed, 25 Apr 2012 12:42:38 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=pobox.com; h=message-id :date:from:mime-version:to:cc:subject:references:in-reply-to :content-type:content-transfer-encoding; s=sasl; bh=RFVzQqrZKbaU k9ZBz6UffiLyuCU=; b=UpRRELT1bz5NzpIZSHOJkPu1a+FQX+rjnQzu2ajxtJdv F4gXqMbPj9bRE/ToELINOawQDl/IMUjF0nwDdJa5CNIhsjk2ak7JAcIpJUa/zNG4 2pekZwXMgCn4m+mVq/4k2WBBQOOXtYWtOKbOk4+HMGjRoA+tAxQYpZAfekodDDM=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=pobox.com; h=message-id:date :from:mime-version:to:cc:subject:references:in-reply-to :content-type:content-transfer-encoding; q=dns; s=sasl; b=kYZju0 OSgI3SSBPNbXj2r5fGVJpXKaUsaMbILPne2gw8Un0nxt4LivmXmIkhCfXk1sUlzj MloHFc52+kAtBvtY5UHxt3e51IJZEopEpNeGCTNLbqvKbgj6kSQWVp194L5Ll/hn UOvBjqDztcAsz+f4/CL1TR09ghTBS3iU8nbIY=
Received: from a-pb-sasl-sd.pobox.com (unknown [127.0.0.1]) by a-pb-sasl-sd.pobox.com (Postfix) with ESMTP id 5297994FB; Wed, 25 Apr 2012 12:42:38 -0400 (EDT)
Received: from iMac.local (unknown [68.224.233.225]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by a-pb-sasl-sd.pobox.com (Postfix) with ESMTPSA id 43C4794FA; Wed, 25 Apr 2012 12:42:37 -0400 (EDT)
Message-ID: <4F982973.1010804@pobox.com>
Date: Wed, 25 Apr 2012 09:42:27 -0700
From: Michael D'Errico <mike-list@pobox.com>
User-Agent: Thunderbird 2.0.0.24 (Macintosh/20100228)
MIME-Version: 1.0
To: Nikos Mavrogiannopoulos <nmav@gnutls.org>
References: <CAL9PXLy31VzxLidgOy64MnDAyRE=HU=hxyBXW1rgB+Xnd0vKjA@mail.gmail.com> <4F981528.9010903@gnutls.org>
In-Reply-To: <4F981528.9010903@gnutls.org>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Pobox-Relay-ID: AA649BB6-8EF5-11E1-B783-8BEB728A0A4D-38729857!a-pb-sasl-sd.pobox.com
Cc: tls@ietf.org
Subject: Re: [TLS] Next Protocol Negotiation 03
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Apr 2012 16:42:41 -0000
Nikos Mavrogiannopoulos wrote: > > My understanding is, that instead of having a simple: > ClientHello: I want protocols A, or B. > ServerHello: Let's talk A. > > We have > ClientHello: I want to negotiate a protocol > ServerHello: I have A or B. > ... > Client NPN message: Let's talk A. > > That's really different from any other negotiation in TLS. > I understand that you might want to hide the protocol that > they are actually talking, but is this the way to do it? Hiding the protocol is problematic if the server wants to use the NextProtocol as part of its certificate selection process. It would need to be in the ClientHello extension. Also, if we're going to go down the road of sending Handshake messages after ChangeCipherSpec (NPN, concealed client cert), then I'd suggest that there should be no order imposed on these messages; otherwise the state machine logic could get unwieldy quickly, not to mention the difficulty in writing the specs. Further, we should not create another registry of protocol names (the Google Tech Note lists "http/1.1", "spdy/1", and "spdy/2" as being in use). Please leverage the existing IANA list of well-known services for this (so we don't need to duplicate definitions for "smtp", "imap4", etc.), along with the standard "x-" prefix for anything experimental like SPDY ("x-google-spdy-2" as an example). Mike
- [TLS] Next Protocol Negotiation 03 Adam Langley
- Re: [TLS] Next Protocol Negotiation 03 Yoav Nir
- Re: [TLS] Next Protocol Negotiation 03 Jack Lloyd
- Re: [TLS] Next Protocol Negotiation 03 Adam Langley
- Re: [TLS] Next Protocol Negotiation 03 Nikos Mavrogiannopoulos
- Re: [TLS] Next Protocol Negotiation 03 Marsh Ray
- Re: [TLS] Next Protocol Negotiation 03 Marsh Ray
- Re: [TLS] Next Protocol Negotiation 03 Adam Langley
- Re: [TLS] Next Protocol Negotiation 03 Michael D'Errico
- Re: [TLS] Next Protocol Negotiation 03 Nico Williams
- Re: [TLS] Next Protocol Negotiation 03 Adam Langley
- Re: [TLS] Next Protocol Negotiation 03 Peter Saint-Andre
- Re: [TLS] Next Protocol Negotiation 03 Michael D'Errico
- Re: [TLS] Next Protocol Negotiation 03 Nico Williams
- Re: [TLS] Next Protocol Negotiation 03 Adam Langley
- Re: [TLS] Next Protocol Negotiation 03 Nico Williams
- Re: [TLS] Next Protocol Negotiation 03 Marsh Ray
- Re: [TLS] Next Protocol Negotiation 03 Michael D'Errico
- Re: [TLS] Next Protocol Negotiation 03 Marsh Ray
- Re: [TLS] Next Protocol Negotiation 03 Martin Rex
- Re: [TLS] Next Protocol Negotiation 03 Adam Langley
- Re: [TLS] Next Protocol Negotiation 03 George Kadianakis
- Re: [TLS] Next Protocol Negotiation 03 Tom Ritter
- Re: [TLS] Next Protocol Negotiation 03 George Kadianakis
- Re: [TLS] Next Protocol Negotiation 03 Adam Langley
- Re: [TLS] Next Protocol Negotiation 03 Marsh Ray
- Re: [TLS] Next Protocol Negotiation 03 Wan-Teh Chang
- Re: [TLS] Next Protocol Negotiation 03 Marsh Ray
- Re: [TLS] Next Protocol Negotiation 03 Wan-Teh Chang
- Re: [TLS] Next Protocol Negotiation 03 Martin Rex
- Re: [TLS] Next Protocol Negotiation 03 Marsh Ray
- Re: [TLS] Next Protocol Negotiation 03 Ben Laurie
- Re: [TLS] Next Protocol Negotiation 03 Andrei Popov
- Re: [TLS] Next Protocol Negotiation 03 Adam Langley
- Re: [TLS] Next Protocol Negotiation 03 Andrei Popov
- Re: [TLS] Next Protocol Negotiation 03 Adam Langley
- Re: [TLS] Next Protocol Negotiation 03 Paul Hoffman
- Re: [TLS] Next Protocol Negotiation 03 Andrei Popov