[TLS] RFC 4366 server name indication
Peter Williams <home_pw@msn.com> Wed, 20 December 2006 22:28 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gx9vd-0004nm-Kk; Wed, 20 Dec 2006 17:28:49 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gx9vc-0004nb-Ge for tls@ietf.org; Wed, 20 Dec 2006 17:28:48 -0500
Received: from bay0-omc2-s40.bay0.hotmail.com ([65.54.246.176]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gx9vb-0003Iy-5K for tls@ietf.org; Wed, 20 Dec 2006 17:28:48 -0500
Received: from BAY103-W7 ([65.54.174.107]) by bay0-omc2-s40.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668); Wed, 20 Dec 2006 14:28:46 -0800
X-Originating-IP: [69.227.152.254]
X-Originating-Email: [home_pw@msn.com]
Message-ID: <BAY103-W7B0AD9FF425B54F73E57A92CF0@phx.gbl>
From: Peter Williams <home_pw@msn.com>
To: tls@ietf.org
Date: Wed, 20 Dec 2006 14:28:46 -0800
MIME-Version: 1.0
X-OriginalArrivalTime: 20 Dec 2006 22:28:46.0821 (UTC) FILETIME=[36DFE950:01C72486]
X-Spam-Score: 2.4 (++)
X-Scan-Signature: a7d2e37451f7f22841e3b6f40c67db0f
Cc:
Subject: [TLS] RFC 4366 server name indication
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============1369303916=="
Errors-To: tls-bounces@lists.ietf.org
Summary:- Sanity check sought when using a std server name indication type of host_name, for non classical internet
environments. Do I use properly use host_name, or create a new indication type?
RC4366 specifes that Server name indication allows one to indicate a virtual server name. host_name in the only std type.
So lets assume an "outer" TLS Connection exists between the parties C->S, where the client nic
for TCP is in fact one or many vlans/pseudo-nics in client's bridge/stack. Lets say, the outer TLS Connection
once negotiated also gets its own vlan#base1, with a psuedo-Mac address in the local stack. Perhaps that
MAC even participates in ARP & binds to a DNS record using DHCP.
For whatever reason, the server party decides to create an "inner" TLS Connection , as is its right. It thus
issues an (Extended) client hello etc transferring this over the application_data of the outer connection, using
tunneling techniques using some encapsulation standard (ethernet.v2 say)
In terms of server name extension rules as I read them, the outer tunnel's protocol engine is now the
"application", which gets to "interpret" the host_name sent in the client hello.
Lets say the wireless stack is bridging/trunking at layer 2 various vlans, each if which are adjacent to
vlan#base1 with local ids {vlan#base1#1, vlan#base1#2, vlan#base1#3).
Given the application ( i.e. the TLS-Connection-capable bridge behind vlan.base#1) interprets the name, am
I being consistent with the proposal if I indicate values such as "1.base1.vlan.wirelesslan.isp.com"?
_________________________________________________________________
Type your favorite song. Get a customized station. Try MSN Radio powered by Pandora.
http://radio.msn.com
_______________________________________________ TLS mailing list TLS@lists.ietf.org https://www1.ietf.org/mailman/listinfo/tls
- [TLS] RFC 4366 server name indication Peter Williams