Re: [TLS] ALPN - specifying client preference

Andrei Popov <Andrei.Popov@microsoft.com> Tue, 09 April 2013 17:09 UTC

From: Andrei Popov <Andrei.Popov@microsoft.com>
To: Ashok Kumar <ashokkumar.j@gmail.com>, "tls@ietf.org" <tls@ietf.org>
Date: Tue, 09 Apr 2013 17:06:51 +0000
Message-ID: <e0de82710fd94b2d8f5a01e69146a171@BN1PR03MB072.namprd03.prod.outlook.com>
References: <CAOeYYRf4eJ0EHaWA-yfa+2GyvHQoqrXAY+e6aML6a1UCt9jhDg@mail.gmail.com>
In-Reply-To: <CAOeYYRf4eJ0EHaWA-yfa+2GyvHQoqrXAY+e6aML6a1UCt9jhDg@mail.gmail.com>

Hi Ashok,

In ALPN, the server SHOULD select the protocol that the server prefers among the protocols advertised by the client. Having said that, the client sends its list of supported protocols in descending order of preference (most-preferred protocol first). This allows some freedom for the server-side implementer to take the client's preference into account, but ultimately the protocol selection occurs on the server.

In NPN, the client SHOULD select the first protocol advertised by the server that it also supports, i.e. the server's preferred protocol SHOULD be selected by the client. An exception to this is the case where the client does not support any of the server's protocols, in which case the client simply chooses the client's most preferred protocol. So there is an expectation that the client will honor the server's preference, but practically this depends on the client-side NPN implementation.

As for the client preferring "all protocols equally", can you elaborate on the scenario? What would the server do differently if it had this information?

Thanks,

Andrei

From: tls-bounces@ietf.org [mailto:tls-bounces@ietf.org] On Behalf Of Ashok Kumar
Sent: Monday, April 8, 2013 11:42 PM
To: tls@ietf.org
Subject: [TLS] ALPN - specifying client preference

With NPN, the client could choose the protocol that it has better support for.

With ALPN, do we intend to add some mechanism where the client can specify its preference? I believe the order in which the protocols are sent gives some preference, but is anyone interested in having options to say that the client prefers all protocols equally?

Regards,
Ashok

P.S.: I'm new to the TLS list and apologize if the query is not relevant. I was thinking more along the lines of HTTP headers having qvalues.
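The two selection rules Andrei describes, side by side, as an added example that is not part of the thread and not code from any TLS library. Protocol names ("h2", "http/1.1", "spdy/3") and the preference lists are constructed for the demo; returning None when nothing overlaps in ALPN, and for an empty NPN client list, is this example's choice, since the thread does not cover those cases.

```python
from typing import Optional, Sequence


def alpn_select(server_prefs: Sequence[str],
                client_offered: Sequence[str]) -> Optional[str]:
    """ALPN: the server picks the protocol *it* prefers among those the client
    advertised. The client lists protocols most-preferred first, which the
    server may consult, but the decision is made on the server."""
    offered = set(client_offered)
    for proto in server_prefs:          # walk the server's own order
        if proto in offered:
            return proto
    return None                          # no overlap (example's choice)


def alpn_select_honoring_client(server_supported: Sequence[str],
                                client_offered: Sequence[str]) -> Optional[str]:
    """ALPN variant using the freedom the reply mentions: the server follows the
    client's order, restricted to protocols the server supports."""
    supported = set(server_supported)
    for proto in client_offered:        # walk the client's order instead
        if proto in supported:
            return proto
    return None


def npn_select(client_prefs: Sequence[str],
               server_advertised: Sequence[str]) -> Optional[str]:
    """NPN: the client picks the first protocol in the server's advertised list
    that it also supports, i.e. the server's preferred one. If none overlap, the
    client falls back to its own most-preferred protocol."""
    supported = set(client_prefs)
    for proto in server_advertised:     # server's order drives the choice
        if proto in supported:
            return proto
    return client_prefs[0] if client_prefs else None


if __name__ == "__main__":
    server = ["h2", "http/1.1"]          # server would rather speak h2
    client = ["http/1.1", "h2"]          # client would rather speak http/1.1
    print("ALPN, server decides:        ", alpn_select(server, client))
    print("ALPN, client order honored:  ", alpn_select_honoring_client(server, client))
    print("NPN, client follows server:  ", npn_select(client, server))
    print("NPN, no overlap, client's own:", npn_select(["spdy/3"], server))
```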