- From: Adrien de Croy <adrien@qbik.com>
- Date: Mon, 30 Mar 2015 21:20:20 +0000
- To: "Martin Thomson" <martin.thomson@gmail.com>
- Cc: "Willy Tarreau" <w@1wt.eu>, "Amos Jeffries" <squid3@treenet.co.nz>, "HTTP Working Group" <ietf-http-wg@w3.org>
OK, I understand. Seems like broken layering to me though. For instance, what do you do for foo over TLS over TLS... create fooss? foo over SSH becomes foosh? So to put a protocol over TLS you need to assign another registry entry? And if it can go over some other channel you need to register even more?

I see problems with this approach. Software won't be updated to recognise these tokens. So it will have to resort to sniffing if it wants to do anything with the TLS layer (like protecting against bad certs).

The design pattern where each layer identifies only the next layer is very effective and elegant. I don't know why we would want to move away from that. It's a misnomer to refer to ALPN as "next layer" negotiation then.

Maybe I'm being confused by NPN.

Adrien

------ Original Message ------
From: "Martin Thomson" <martin.thomson@gmail.com>
To: "Adrien de Croy" <adrien@qbik.com>
Cc: "Willy Tarreau" <w@1wt.eu>; "Amos Jeffries" <squid3@treenet.co.nz>; "HTTP Working Group" <ietf-http-wg@w3.org>
Sent: 31/03/2015 6:58:27 a.m.
Subject: Re: Working Group Last Call for draft-ietf-httpbis-tunnel-protocol

> On 30 March 2015 at 06:43, Adrien de Croy <adrien@qbik.com> wrote:
>> If you have a foo protocol that is used over TLS or may be used directly
>> over TCP, then if you see
>>
>> ALPN: foo
>>
>> then how does the registry help you determine if this is foo over TLS or
>> plaintext foo, since _surely_ you don't put foos in the TLS ALPN, since the
>> "next layer" from TLS is not foos, it is foo.
>
> You describe the whole thing. So 'foos' is correct. A protocol of
> foo over TLS over TCP is identified separately from foo over TCP.
Received on Monday, 30 March 2015 21:21:59 UTC