Re: New tunnel protocol

Willy - I think the intention is that this is used whether or not there 
is TLS in play, but that the ALPN token used in Tunnel-Protocol wouldn't 
match what is in the ALPN in any tunneled TLS (if any).

E.g. if tunneling SMTP over TLS, you'd advertise smtps in the 
Tunnel-Protocol header, and smtp in the ALPN field in the client hello in 
TLS.

If tunneling SMTP, you'd just advertise smtp in the Tunnel-Protocol 
header.  So it's using the Tunnel-Protocol to describe possibly several 
layers.

I personally would prefer to separate it out so that a proxy can know 
the next layer is TLS regardless of what is transported over TLS.

Adrien


------ Original Message ------
From: "Willy Tarreau" <w@1wt.eu>
To: "Martin Thomson" <martin.thomson@gmail.com>
Cc: "HTTP Working Group" <ietf-http-wg@w3.org>
Sent: 27/01/2015 7:47:11 p.m.
Subject: Re: New tunnel protocol

>On Mon, Jan 26, 2015 at 04:00:16PM -0800, Martin Thomson wrote:
>>  On 25 January 2015 at 10:57, Willy Tarreau <w@1wt.eu> wrote:
>>  > OK, then maybe put ALPN in the header field's name to remove the
>>  > ambiguity, because there there's nothing that makes it obvious
>>  > that TLS is in use at all, and the name makes one think it's the
>>  > protocol being tunnelled which is named instead of the one inside
>>  > TLS.
>>
>>  I've always considered the name on this draft to be weak. But I
>>  haven't found a name that I liked better.
>
>The name of the draft has little importance, you need one to start
>discussions, so by definition the contents may change over time.
>
>>  Please send suggestions.
>
>For the header field, I'd suggest : Tunnel-ALPN. That clearly covers
>your purpose of advertising the ALPN names registered at IANA.
>
>But like Amos and Adrien, I think that you're missing an opportunity
>to have a header field indicating what is transported when it's not
>TLS, and possibly to make it more flexible to indicate what is put
>on top of TLS. I understand the benefits of ALPN (given that it
>advertises a list of protocols to be negotiated), as well as I'm
>pretty convinced about the benefits of indicating what is transported
>so that clients may help policy enforcement detect their protocol and
>validate it (even though I respect that it could be out of the scope
>of your proposal).
>
>At least, calling it Tunnel-ALPN or TLS-ALPN, or Tunnel-TLS-ALPN will
>serve your purpose and will not prevent anyone from proposing to
>address the other needs with another non-confusing header field name.
>
>Regards,
>Willy
>
>

Received on Tuesday, 27 January 2015 09:02:12 UTC
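The proxy-side check Willy describes, with a client advertising what it intends to tunnel and the proxy validating that against the CONNECT destination, as a worked example added by the editor. This is not code from the tunnel-protocol draft or from any participant, and everything in it is a hypothetical assumption: the header name Tunnel-Protocol (the draft's) or Tunnel-ALPN (Willy's suggestion), a comma-separated list of ALPN-style tokens as the value, percent-encoding of non-token octets (the rule the later RFC 7639 ALPN field adopted), and the per-port allowlist, which is invented. The sample requests are constructed, not captured traffic.

```python
"""Proxy-side policy check on the protocol advertised in a CONNECT request.

Editor's constructed example, not code from the tunnel-protocol draft or
from any proxy. Hypothetical assumptions: the header is named
Tunnel-Protocol (the draft's name) or Tunnel-ALPN (Willy's suggestion);
its value is a comma-separated list of ALPN-style tokens; octets that are
not token characters are percent-encoded (as the later RFC 7639 ALPN field
specifies); and the per-port allowlist below is an invented policy.
"""
from urllib.parse import unquote

# Accepted header names, in the order they are consulted (hypothetical).
HEADER_NAMES = ("tunnel-protocol", "tunnel-alpn")

# Invented policy. Following Adrien's reading of the draft, a token names
# the outermost tunnelled layer: "smtps" is TLS-wrapped SMTP, "smtp" is
# cleartext SMTP. A port missing from the table may not be tunnelled to.
ALLOWED_BY_PORT = {
    443: {"http/1.1", "h2"},
    465: {"smtps"},
    587: {"smtp"},
}


def parse_connect(raw: bytes):
    """Split a CONNECT request head into (authority, headers).

    Header names are lowercased; repeated fields are joined with commas,
    the list-field combining rule, so a second Tunnel-Protocol line
    extends the list rather than replacing it.
    """
    head, _, _ = raw.partition(b"\r\n\r\n")
    lines = head.decode("ascii").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    if method != "CONNECT":
        raise ValueError("not a CONNECT request: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed header line: %r" % line)
        name, value = name.strip().lower(), value.strip()
        headers[name] = headers[name] + "," + value if name in headers else value
    return target, headers


def tunnel_protocols(headers):
    """Return the advertised protocol identifiers, in order, percent-decoded."""
    for name in HEADER_NAMES:
        if name in headers:
            return [unquote(t.strip()) for t in headers[name].split(",") if t.strip()]
    return []


def decide(raw: bytes):
    """Return a dict with the policy decision for one CONNECT request."""
    target, headers = parse_connect(raw)
    _host, _, port = target.rpartition(":")  # also handles [v6-literal]:port
    port = int(port)
    advertised = tunnel_protocols(headers)
    allowed = ALLOWED_BY_PORT.get(port, set())
    if not advertised:
        # No advertisement: the proxy only has the port to go on, which is
        # the gap Willy points at. Fall back to whether the port is open at all.
        return {"decision": "allow" if allowed else "deny",
                "advertised": [], "rejected": []}
    # A client may list several candidates; accept only if every one of them
    # is acceptable on this port, otherwise the unlisted one could be the
    # protocol that actually gets negotiated inside the tunnel.
    rejected = [p for p in advertised if p not in allowed]
    return {"decision": "deny" if rejected else "allow",
            "advertised": advertised, "rejected": rejected}


# Constructed requests (not captured traffic).
SMTPS_REQ = (b"CONNECT mail.example.net:465 HTTP/1.1\r\n"
             b"Host: mail.example.net:465\r\n"
             b"Tunnel-Protocol: smtps\r\n\r\n")
MISMATCH_REQ = (b"CONNECT mail.example.net:587 HTTP/1.1\r\n"
                b"Host: mail.example.net:587\r\n"
                b"Tunnel-ALPN: h2, smtps\r\n\r\n")
NO_HEADER_REQ = (b"CONNECT www.example.net:443 HTTP/1.1\r\n"
                 b"Host: www.example.net:443\r\n\r\n")
ODD_PORT_REQ = (b"CONNECT www.example.net:8443 HTTP/1.1\r\n"
                b"Host: www.example.net:8443\r\n\r\n")

if __name__ == "__main__":
    for req in (SMTPS_REQ, MISMATCH_REQ, NO_HEADER_REQ, ODD_PORT_REQ):
        print(req.split(b"\r\n")[0].decode(), decide(req))
```

The MISMATCH_REQ case is the one the thread is about: the client says it will run h2 or smtps to a port the policy reserves for cleartext SMTP, and the proxy can refuse before opening the tunnel instead of having to sniff the first bytes. Note that the header is only a claim by the client; a proxy that needs enforcement rather than cooperation still has to inspect or terminate the stream, which is why Willy calls the policy use a possible non-goal of the draft.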