W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2015

Re: Working Group Last Call for draft-ietf-httpbis-tunnel-protocol

From: Adrien de Croy <adrien@qbik.com>
Date: Mon, 30 Mar 2015 21:20:20 +0000
To: "Martin Thomson" <martin.thomson@gmail.com>
Cc: "Willy Tarreau" <w@1wt.eu>, "Amos Jeffries" <squid3@treenet.co.nz>, "HTTP Working Group" <ietf-http-wg@w3.org>
Message-Id: <em6b017b97-9da0-4262-b397-81afc1c1530e@bodybag>
OK I understand.

seems like broken layering to me though.

For instance what do you do for foo over TLS over TLS... create fooss?  
foo over SSH becomes foosh?

So to put a protocol over TLS you need to assign another registry entry? 
  And if it can go over some other channel you need to register even 
more?  I see problems with this approach.  Software won't be updated to 
recognise these tokens.  So it will have to resort to sniffing if it 
wants to do anything with the TLS layer (like protecting against bad 
certs).

The design pattern where each layer identifies only the next layer is 
very effective and elegant.  I don't know why we would want to move away 
from that.

It's a misnomer to refer to ALPN as "next layer" negotiation then.  
Maybe I'm being confused by NPN

Adrien


------ Original Message ------
From: "Martin Thomson" <martin.thomson@gmail.com>
To: "Adrien de Croy" <adrien@qbik.com>
Cc: "Willy Tarreau" <w@1wt.eu>; "Amos Jeffries" <squid3@treenet.co.nz>; 
"HTTP Working Group" <ietf-http-wg@w3.org>
Sent: 31/03/2015 6:58:27 a.m.
Subject: Re: Working Group Last Call for 
draft-ietf-httpbis-tunnel-protocol

>On 30 March 2015 at 06:43, Adrien de Croy <adrien@qbik.com> wrote:
>>  If you have a foo protocol that is used over TLS or may be used 
>>directly
>>  over TCP, then if you see
>>
>>  ALPN: foo
>>
>>  then how does the registry help you determine if this is foo over TLS 
>>or
>>  plaintext foo, since _surely_ you don't put foos in the TLS ALPN, 
>>since the
>>  "next layer" from TLS is not foos, it is foo.
>
>
>You describe the whole thing. So 'foos' is correct. A protocol of
>foo over TLS over TCP is identified separately from foo over TCP.
Received on Monday, 30 March 2015 21:21:59 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:43 UTC