Re: [TLS] TLS 1.3 Application Identifier ?
Alyssa Rowan <akr@akr.io> Wed, 16 July 2014 09:17 UTC
From: Alyssa Rowan <akr@akr.io>
Date: Wed, 16 Jul 2014 10:17:09 +0100
To: "tls@ietf.org" <tls@ietf.org>
Message-ID: <ce96173c-e886-4c90-a567-8fd445ed7169@email.android.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/rewslpOGUvYBDJU86lvRPwZ7JrA
Subject: Re: [TLS] TLS 1.3 Application Identifier ?

On 16 July 2014 09:32:31 BST, Pascal Urien <pascal.urien@gmail.com> wrote:
>It seems there is no identifier for the application SDU transported by
>TLS 1.3 (which is obviously a transport protocol)
>
>With the legacy TLS, the application is identified by a TCP or UDP
>port.
>Some TLS extensions have been proposed to solve this issue.

Perhaps I am misunderstanding: are you not describing ALPN?

It seems what you want is an ALPN identifier for your protocol, am I correct? ALPN seems to be proposed as the preferred way to do this for 1.3, is my understanding.

There are obvious metadata concerns involving an untrusted intermediary identifying and demultiplexing different applications transported over TLS (current ALPN is plaintext) and ways to address this are being explored by the WG (although this has tension with those who run large-scale traffic balancers which would prefer to avoid doing crypto for both scale and key security reasons; I'm not sure that can be cleanly resolved in a privacy-preserving manner which satisfies everyone).

--
/akr
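
Added example, not part of the original message: the ALPN extension (RFC 7301, extension type 16) sits in the unencrypted ClientHello, so anything on the path can read the offered application protocols without holding any key. The sketch below builds a constructed ClientHello and parses it the way such an observer would; `build_client_hello` and `alpn_from_client_hello` are hypothetical helper names, and the ClientHello is assumed to fit in a single TLS record.

```python
import struct

ALPN_EXT = 16  # application_layer_protocol_negotiation (RFC 7301)

def build_client_hello(protocols):
    """Constructed sample: minimal ClientHello record offering `protocols` via ALPN."""
    names = b"".join(bytes([len(p)]) + p for p in protocols)
    alpn = struct.pack("!HHH", ALPN_EXT, len(names) + 2, len(names)) + names
    body = (b"\x03\x03" + bytes(32)        # client_version, random (zeroed sample value)
            + b"\x00"                      # empty session_id
            + b"\x00\x02\xc0\x2f"          # one cipher suite
            + b"\x01\x00"                  # null compression only
            + struct.pack("!H", len(alpn)) + alpn)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def alpn_from_client_hello(record):
    """Return the ALPN names readable in cleartext; [] if absent or malformed."""
    try:
        if record[0] != 0x16 or record[5] != 0x01:   # handshake record, ClientHello
            return []
        end = 9 + int.from_bytes(record[6:9], "big")
        if end > len(record):                        # truncated or multi-record hello
            return []
        pos = 9 + 2 + 32                             # skip version and random
        pos += 1 + record[pos]                       # session_id
        pos += 2 + int.from_bytes(record[pos:pos + 2], "big")  # cipher_suites
        pos += 1 + record[pos]                       # compression_methods
        ext_end = pos + 2 + int.from_bytes(record[pos:pos + 2], "big")
        pos += 2
        while pos + 4 <= min(ext_end, end):
            etype, elen = struct.unpack("!HH", record[pos:pos + 4])
            data = record[pos + 4:pos + 4 + elen]
            pos += 4 + elen
            if etype != ALPN_EXT:
                continue
            names, i = [], 2                         # skip ProtocolNameList length
            while i < len(data):
                n = data[i]
                if i + 1 + n > len(data):            # name runs past the extension
                    return []
                names.append(data[i + 1:i + 1 + n].decode("ascii", "replace"))
                i += 1 + n
            return names
    except (IndexError, struct.error):
        pass
    return []
```
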