Re: [TLS] NextProtoNeg concerns
Yoav Nir <ynir@checkpoint.com> Fri, 18 November 2011 11:38 UTC
Return-Path: <ynir@checkpoint.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0AD0A21F889A for <tls@ietfa.amsl.com>; Fri, 18 Nov 2011 03:38:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.399
X-Spam-Level:
X-Spam-Status: No, score=-10.399 tagged_above=-999 required=5 tests=[AWL=0.200, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dvuyLXPaGfnK for <tls@ietfa.amsl.com>; Fri, 18 Nov 2011 03:38:25 -0800 (PST)
Received: from michael.checkpoint.com (smtp.checkpoint.com [194.29.34.68]) by ietfa.amsl.com (Postfix) with ESMTP id 07A8E21F89B8 for <tls@ietf.org>; Fri, 18 Nov 2011 03:38:23 -0800 (PST)
X-CheckPoint: {4EC6434A-0-1B221DC2-1FFFF}
Received: from il-ex01.ad.checkpoint.com (il-ex01.ad.checkpoint.com [194.29.34.26]) by michael.checkpoint.com (8.13.8/8.13.8) with ESMTP id pAIBcKv0014709; Fri, 18 Nov 2011 13:38:20 +0200
Received: from il-ex03.ad.checkpoint.com (194.29.34.71) by il-ex01.ad.checkpoint.com (194.29.34.26) with Microsoft SMTP Server (TLS) id 8.3.213.0; Fri, 18 Nov 2011 13:38:20 +0200
Received: from il-ex01.ad.checkpoint.com ([126.0.0.2]) by il-ex03.ad.checkpoint.com ([194.29.34.71]) with mapi; Fri, 18 Nov 2011 13:38:20 +0200
From: Yoav Nir <ynir@checkpoint.com>
To: Marsh Ray <marsh@extendedsubset.com>
Date: Fri, 18 Nov 2011 13:38:20 +0200
Thread-Topic: [TLS] NextProtoNeg concerns
Thread-Index: Acyl5pIZNPRDAV57R5eDPqoFI6d4+Q==
Message-ID: <957E174C-F9A9-488D-86D2-FF0E3E24BF40@checkpoint.com>
References: <4F26370A-E4DA-4EDF-8D33-D77F2D9C89FB@checkpoint.com> <4EC5EEC8.3000903@extendedsubset.com>
In-Reply-To: <4EC5EEC8.3000903@extendedsubset.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
x-kse-antivirus-interceptor-info: scan successful
x-kse-antivirus-info: Clean
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-KSE-AntiSpam-Interceptor-Info: protection disabled
Cc: "tls@ietf.org List" <tls@ietf.org>
Subject: Re: [TLS] NextProtoNeg concerns
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Nov 2011 11:38:26 -0000
On Nov 18, 2011, at 1:36 PM, Marsh Ray wrote: > On 11/17/2011 11:17 PM, Yoav Nir wrote: >> >> What I really don't like about this proposal, is this text in section >> 3: The "extension_data" field in a "ServerHello" and the >> "NextProtocol" message contain opaque bytes to be used by the >> application layer to negotiate the application layer protocol. The >> format of this data is not specified in this draft. >> >> If you are defining a new extension/handshake message to carry a new >> kind of data (application type) there is no value to this without a >> definition of the format, either in the same document or in a >> companion document. >> >> The examples in the slides show a very specific format: >> "\x06spdy/2\x08http/1.1\x08http/1.0". I don't see why this would not >> be specified in the document. Of course, you would need to set up a >> registry for these strings. For example, I can see how Microsoft >> would want to register SSTP, and other vendors would register their >> own SSL-VPN protocols as well. > > What if you're a small application developer, perhaps with a single > application or running only a few servers. Should you be expected to > register your format before using it? > > Would it be expected to follow the same length-value format as the example? > > Would anyone ever be denied registration? What if their format > definition was technically deficient, or they wanted to reserve a bunch > of unrelated protocol names? That would be up to the draft to specify. You could do it as FCFS or technical expert review - no need for a draft. And we could reserve some prefixes, like exp- (for experiment) and priv- (for private protocol). You could then safely use "exp-marshray-test1"
- [TLS] NextProtoNeg concerns Yoav Nir
- Re: [TLS] NextProtoNeg concerns Marsh Ray
- Re: [TLS] NextProtoNeg concerns Yoav Nir
- Re: [TLS] NextProtoNeg concerns Adam Langley
- Re: [TLS] NextProtoNeg concerns Yoav Nir
- Re: [TLS] NextProtoNeg concerns Adam Langley