IETF Logo Mail Archive

Re: [TLS] request for early IANA assignment for ALPN

Trevor Perrin <trevp@trevp.net> Wed, 27 March 2013 23:29 UTC

Return-Path: <trevp@trevp.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 39AB121F85DA for <tls@ietfa.amsl.com>; Wed, 27 Mar 2013 16:29:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.426
X-Spam-Level:
X-Spam-Status: No, score=-0.426 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FH_RELAY_NODNS=1.451, FM_FORGED_GMAIL=0.622, RDNS_NONE=0.1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id H6WQSqzkg8ZR for <tls@ietfa.amsl.com>; Wed, 27 Mar 2013 16:29:15 -0700 (PDT)
Received: from mail-we0-x232.google.com (mail-we0-x232.google.com [IPv6:2a00:1450:400c:c03::232]) by ietfa.amsl.com (Postfix) with ESMTP id 5411721F8ECD for <tls@ietf.org>; Wed, 27 Mar 2013 16:29:15 -0700 (PDT)
Received: by mail-we0-f178.google.com with SMTP id z53so2934612wey.23 for <tls@ietf.org>; Wed, 27 Mar 2013 16:29:14 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-received:x-originating-ip:in-reply-to:references :date:message-id:subject:from:to:cc:content-type:x-gm-message-state; bh=FpsOJGUJvrDZj4qYLH+DqmhbvR0jf0lek0E8/j7WSb0=; b=KZMI4HRzxJ9Ql5HftRlJ4udSkiDIzxD/fFloJtkaJB+XLSlB4dT7X/qnOlr3gq3SQ8 fbb6nS5FvsfbtST/di8s/+0EqBp0sSOO1/fFuy2wAYuHbEMR80rZ+QoIfnjfkrQeiXlp NFw93fO/CyA6T5/n51D8E+hKrLSXJcosd1NTIYtnm5QFYBjgUZUc8da43KNwJdacmvnT IU1BWPG4wYKqypWBhtnNsjTQF94D7/SICt/byWPbO4YBL3OJ2V02T902AJOjHkxXmFMu 0DtmzvzTDXW0gMj5tbaIhpXfc2ZxFIzv5p3yveHbHzB+5iJT6Nvcb3+myJL+lNO5iXUV FuRg==
MIME-Version: 1.0
X-Received: by 10.180.105.99 with SMTP id gl3mr12870071wib.22.1364426954527; Wed, 27 Mar 2013 16:29:14 -0700 (PDT)
Received: by 10.216.111.1 with HTTP; Wed, 27 Mar 2013 16:29:14 -0700 (PDT)
X-Originating-IP: [173.11.71.218]
In-Reply-To: <5153717C.4070707@pobox.com>
References: <5152404E.2010702@ieca.com> <op.wuljuskb3dfyax@killashandra.invalid.invalid> <CAGZ8ZG0ZGWXJpN2udi37exLNSK07OksvxG_XrEtzEoV=wg4sGA@mail.gmail.com> <515335EF.70607@pobox.com> <CAGZ8ZG3a1T-4nnRg+aGzFg+ugku2VMDjiZdr8s83OGvqZQ8faQ@mail.gmail.com> <5153717C.4070707@pobox.com>
Date: Wed, 27 Mar 2013 16:29:14 -0700
Message-ID: <CAGZ8ZG3ejyx2eyO53D1WbFvfs3maAPE5vi75ZAswYedvW2QKqg@mail.gmail.com>
From: Trevor Perrin <trevp@trevp.net>
To: Michael D'Errico <mike-list@pobox.com>
Content-Type: text/plain; charset="ISO-8859-1"
X-Gm-Message-State: ALoCoQmk3MfdYVNRBgTDrJfCzyrDaVVrFI2EZei2qNYzF6t9JBcbdtX0tsQERl3fO2r2dXjeRKDU
Cc: tls@ietf.org
Subject: Re: [TLS] request for early IANA assignment for ALPN
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Mar 2013 23:29:16 -0000

On Wed, Mar 27, 2013 at 3:23 PM, Michael D'Errico <mike-list@pobox.com> wrote:
> Trevor Perrin wrote:
>>
>> Hmm.... so we'd have to do all interop testing and trial deployments
>> based on an "ExperimentalExtension".  Then - once everything is
>> working and RFCs are assigned - make a major incompatible protocol
>> change to a different extension format.
>
>
> The extension_data would not change.  The only difference would be in
> locating it.

Sure.  But it's still a code change *after* all the testing and
deployment that went into the Internet-Draft.


>> I see the costs and risks here, but not the benefit.
>
>
> The problem with using a range of temporary extension numbers comes when
> you run out and have to reuse one.

I wasn't proposing a separate range of temporary extension numbers.

I was seconding Nikos' proposal that there should be an easy way for
implementors of an Internet-Draft to temporarily reserve "real"
numbers while doing testing and trial deployment.

If the Internet-Draft advances to RFC, those numbers can be enshrined
by IANA.  Otherwise, they're recycled.


>  Somewhere a server that hasn't been
> updated in years will be running code like this:
>
>     switch (extension_number) {
>        case 0x0000:     process_sni_extension(); break;
>
>        case 0xABCD:     // experimental ALPN extension number - REMOVE!
>        case 0x00xx:     // IANA-assigned ALPN extension number
>                         process_alpn_extension(); break;
>     }
>
> If 0xABCD is ever used for any other experimental extension, it could
> cause this server to start acting funny.

We're proposing the opposite of this - instead of having different
code paths for I-D vs RFC, there should be one code path (i.e the IANA
should have assigned 0xABCD, above).


> The problem outlined above, plus it allows for non-IETF-sanctioned
> experiments such as NPN/SPDY.  The wire format of an extension could
> change during the experiment - simply add "v2" to the name instead of
> requiring a new number assignment via rough consensus at the next IETF
> meeting resulting in a wiki update.

If early implementors of an I-D need to make a wire format change, I
think they should upgrade their implementations and keep using the
same temporarily-reserved extension number.


Trevor

v2.23.0 | Report a Bug | By Email