Re: New tunnel protocol

On Mon, Jan 26, 2015 at 04:00:16PM -0800, Martin Thomson wrote:
> On 25 January 2015 at 10:57, Willy Tarreau <w@1wt.eu> wrote:
> > OK, then maybe put ALPN in the header field's name to remove the
> > ambiguity, because there's nothing that makes it obvious
> > that TLS is in use at all, and the name makes one think it's the
> > protocol being tunnelled which is named instead of the one inside
> > TLS.
> 
> I've always considered the name on this draft to be weak.  But I
> haven't found a name that I liked better.

The name of the draft has little importance, you need one to start
discussions, so by definition the contents may change over time.

> Please send suggestions.

For the header field, I'd suggest: Tunnel-ALPN. That clearly covers
your purpose of advertising the ALPN names registered at IANA.

But like Amos and Adrien, I think that you're missing an opportunity
to have a header field indicating what is transported when it's not
TLS, and possibly to make it more flexible to indicate what is put
on top of TLS. I understand the benefits of ALPN (given that it
advertises a list of protocols to be negotiated), as well as I'm
pretty convinced about the benefits of indicating what is transported
so that clients may help policy enforcement detect their protocol and
validate it (even though I respect that it could be out of the scope
of your proposal).

At least, calling it Tunnel-ALPN or TLS-ALPN, or Tunnel-TLS-ALPN will
serve your purpose and will not prevent anyone from proposing to
address the other needs with another non-confusing header field name.

Regards,
Willy

Received on Tuesday, 27 January 2015 06:47:36 UTC