Adam,
Is your concern specific to TRAM's proposed use of ALPN, or does it apply to ALPN in general?
Thanks,
Simon
On Wed, Oct 8, 2014 at 1:24 PM, Adam Langley <agl@xxxxxxxxxxxxxxxxxx> wrote:
In the introduction of this document[1], the first example appears to
endorse the idea that a firewall would inspect a TLS handshake and
quash the communication if it saw an ALPN identifier that it didn't
like.
If I'm not misunderstanding this example, then it's contradictory to
the work that the TLS WG is chartered to do[2]:
"Develop a mode that encrypts as much of the handshake as is possible
to reduce the amount of observable data to both passive and active
attackers."
It would be disappointing if an RFC explicitly endorsed middleware
that tries to parse high-level protocols and interferes with the
network based on the result. There might not be much that we can do
about it, but we don't have to condone it.
Cheers
AGL
[1] https://tools.ietf.org/html/draft-ietf-tram-alpn-06#section-1
[2] https://datatracker.ietf.org/doc/charter-ietf-tls/
--
Adam Langley agl@xxxxxxxxxxxxxxxxxx https://www.imperialviolet.org
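The example AGL objects to rests on a concrete property of the TLS 1.2 handshake: the ALPN extension travels in the cleartext ClientHello, so anything on the path can read the protocol identifiers before a single byte of application data is protected. The following Python script, added here as an illustration and not taken from the thread or from the TRAM draft, builds a minimal ClientHello carrying an ALPN extension and then parses it back the way a passive observer would. The cipher suite, the zeroed random, and the protocol names (the registered "h2" and "http/1.1" identifiers) are constructed sample values; the extension type number 16 is the IANA assignment for ALPN.

```python
import struct

# IANA TLS ExtensionType for application_layer_protocol_negotiation.
ALPN_EXTENSION_TYPE = 16


def build_client_hello(protocols, include_alpn=True):
    """Construct a minimal TLS 1.2 ClientHello record (constructed sample, not a real capture).

    protocols: list of ALPN identifiers to advertise, e.g. ["h2", "http/1.1"].
    include_alpn: when False, the ClientHello carries no extensions block at all.
    """
    body = (
        b"\x03\x03"                              # client_version: TLS 1.2
        + bytes(32)                              # random: zeros (constructed sample value)
        + b"\x00"                                # session_id length: 0
        + struct.pack("!H", 2) + b"\xc0\x2f"     # one cipher suite (constructed sample value)
        + b"\x01\x00"                            # compression_methods: null only
    )
    if include_alpn:
        # ProtocolNameList: each name is length-prefixed, the list itself is 2-byte length-prefixed.
        proto_list = b"".join(bytes([len(p)]) + p.encode("ascii") for p in protocols)
        alpn_body = struct.pack("!H", len(proto_list)) + proto_list
        extension = struct.pack("!HH", ALPN_EXTENSION_TYPE, len(alpn_body)) + alpn_body
        body += struct.pack("!H", len(extension)) + extension
    # Handshake header: msg_type 1 (client_hello) + 3-byte length.
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body
    # Record header: content type 22 (handshake), legacy record version, 2-byte length.
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def extract_alpn(record):
    """Walk a cleartext ClientHello record and return the advertised ALPN names ([] if none).

    This is exactly the parse a middlebox performs; nothing here needs keys or a session.
    """
    if record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    hs_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]

    pos = 2 + 32                                     # skip client_version and random
    sid_len = body[pos]
    pos += 1 + sid_len                               # skip session_id
    cs_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2 + cs_len                                # skip cipher_suites
    cm_len = body[pos]
    pos += 1 + cm_len                                # skip compression_methods
    if pos >= len(body):
        return []                                    # no extensions present at all

    ext_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    end = pos + ext_len
    while pos + 4 <= end:
        ext_type, ext_size = struct.unpack("!HH", body[pos:pos + 4])
        pos += 4
        ext_data = body[pos:pos + ext_size]
        pos += ext_size
        if ext_type != ALPN_EXTENSION_TYPE:
            continue
        list_len = struct.unpack("!H", ext_data[:2])[0]
        names, p = [], 2
        while p < 2 + list_len:
            n = ext_data[p]
            names.append(ext_data[p + 1:p + 1 + n].decode("ascii"))
            p += 1 + n
        return names
    return []


if __name__ == "__main__":
    hello = build_client_hello(["h2", "http/1.1"])
    print("observer reads ALPN from cleartext ClientHello:", extract_alpn(hello))
```

The point for a defender is the asymmetry the parser makes visible: the client has committed to a protocol identifier in the clear before any key exchange has completed, so a path element can act on that identifier, and the only remedy the client controls is the one the TLS charter excerpt above describes, moving that material under handshake encryption.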