Re: [TLS] Questions about ALPN
Daniel Kahn Gillmor <dkg@fifthhorseman.net> Wed, 09 April 2014 19:41 UTC
Message-ID: <5345A248.7050602@fifthhorseman.net>
Date: Wed, 09 Apr 2014 15:40:56 -0400
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Martin Thomson <martin.thomson@gmail.com>
References: <53456D1B.1010804@alum.mit.edu> <CAL9PXLzF5AZ4WuTdCUBu3BY0BDRBj=120DnJefMd7hs-0hcU5w@mail.gmail.com> <CABkgnnUvfHUwHH-BKQjHqToao4FqzRTRhHZBw7cROFXoq1Ftiw@mail.gmail.com> <CAL9PXLw1Z-MBU0N=BWdiXW=C9rjG7pXc7zhnOdzwMUavSb-GwQ@mail.gmail.com> <4bf0dffe7f4e475abf38f1e14e09388e@BL2PR03MB419.namprd03.prod.outlook.com> <CABkgnnUPM=AQTk6y2juQoEcPksNWSTCkgPe4846FWDwm5waxPQ@mail.gmail.com>
In-Reply-To: <CABkgnnUPM=AQTk6y2juQoEcPksNWSTCkgPe4846FWDwm5waxPQ@mail.gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/zfyY3hEy_SyAYwu6erUMRrhrHQc
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Questions about ALPN
On 04/09/2014 02:03 PM, Martin Thomson wrote:
> On 9 April 2014 10:29, Andrei Popov <Andrei.Popov@microsoft.com> wrote:
>> ALPN registry is defined under the "Transport Layer Security (TLS)" heading
>
> Maybe we should instead consider whether that is an appropriate
> location for the registry.

whether we place the alpn registry under (D)TLS or not, including all the httpbis labels becomes slightly weird.

if ALPN is *not* just for (D)TLS, then h2 is weird because it seems to specify not only the inner protocol in question but also the outer protocol -- what would h2 mean if it was specified in, say, a novel SSH ALPN-identified channel? would it be SSH-wrapping-TLS-wrapping-HTTP? or just SSH-wrapping-HTTP?

if ALPN is just for (D)TLS, then h2c is weird because it is defined to not be usable in (D)TLS either.

out of curiosity, how is h2c expected to interact with tcpcrypt, (if that ever gets off the ground) or with IPSEC? By definition, it's http over "cleartext TCP". But TCP over IPSEC is encrypted, as would be TCPCrypt. The obvious answer (which is "yeah yeah, it's still h2c, ignore that your TCP channel itself is encrypted") doesn't line up with the explicit wording of the draft ("cleartext TCP").

maybe it should say something like "HTTP directly inside TCP" to head off this hairsplitting.

regards,

--dkg
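As an added illustration (not part of the thread or of any IETF draft), the snippet below encodes and parses the ALPN extension payload in its TLS wire format and then checks a server's selection the way a careful TLS endpoint would: the chosen name must be one the client offered, and, following the point made above that h2c is defined for cleartext TCP rather than (D)TLS, a selection of "h2c" inside a TLS handshake is rejected. The function and variable names are this example's own.

```python
import struct

# ALPN extension payload: uint16 list length, then repeated
# { uint8 name length, name bytes }. Names are 1..255 bytes, list is 2..65535.

def encode_alpn(names):
    """Build the ALPN extension payload for a list of protocol names."""
    body = b""
    for name in names:
        raw = name.encode("ascii")
        if not 1 <= len(raw) <= 255:
            raise ValueError("protocol name length out of range: %r" % name)
        body += bytes([len(raw)]) + raw
    if len(body) < 2:
        raise ValueError("protocol name list must not be empty")
    return struct.pack("!H", len(body)) + body

def decode_alpn(payload):
    """Parse an ALPN extension payload; raise ValueError on any malformed length."""
    if len(payload) < 2:
        raise ValueError("truncated list length")
    (list_len,) = struct.unpack("!H", payload[:2])
    if list_len < 2 or list_len != len(payload) - 2:
        raise ValueError("list length does not match payload")
    names, pos, end = [], 2, 2 + list_len
    while pos < end:
        n = payload[pos]
        pos += 1
        if n == 0 or pos + n > end:
            raise ValueError("bad protocol name length at offset %d" % (pos - 1))
        names.append(payload[pos:pos + n].decode("ascii"))
        pos += n
    return names

def check_selection(offered, selected, over_tls=True):
    """Validate the server's ALPN choice; returns (accepted, reason)."""
    if selected not in offered:
        return False, "server selected a protocol the client did not offer"
    if over_tls and selected == "h2c":
        # h2c names HTTP/2 over cleartext TCP and is not usable inside (D)TLS.
        return False, "h2c is not a valid selection inside a TLS handshake"
    return True, "ok"

# Constructed sample: a client offering h2 and http/1.1 (a typical browser list).
CLIENT_OFFER = ["h2", "http/1.1"]
```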