Re: [TLS] Application-Layer Protocol Settings

2020-07-08 Thread Martin Thomson
On Thu, Jul 9, 2020, at 00:13, Victor Vasiliev wrote:
> For what it's worth, I don't think we should define a new ALPN token
> for that; using ALPN tokens for flags will eventually lead to
> combinatorial explosion (e.g. "if we define h2_half_rtt, we have to
> define h2c_half_rtt", etc), and can

Re: [TLS] invariant or not: one TLS connection per TCP connection?

2020-07-08 Thread Nico Williams
On Tue, Jul 07, 2020 at 09:22:24PM -0700, Benjamin Kaduk wrote:
> There's an interesting note in draft-ietf-nfsv4-rpc-tls-08 (currently
> in IESG Evaluation):
>
>    The protocol convention specified in the current document assumes
>    there can be no more than one concurrent TLS session per TCP

Re: [TLS] Review of draft-ietf-tls-external-psk-guidance-00

2020-07-08 Thread Jim Schaad
From: Mohit Sethi M
Sent: Wednesday, July 8, 2020 1:03 AM
To: Jim Schaad; Mohit Sethi M; draft-ietf-tls-external-psk-guida...@ietf.org
Cc: tls@ietf.org
Subject: Re: [TLS] Review of draft-ietf-tls-external-psk-guidance-00
Hi Jim,
On 7/6/20 7:06 PM, Jim Schaad wrote:
-Origin

Re: [TLS] Application-Layer Protocol Settings

2020-07-08 Thread Victor Vasiliev
On Tue, Jul 7, 2020 at 1:10 AM Martin Thomson wrote:
> Hi Victor,
>
> For HTTP/2, this is essentially a noop, as endpoints are required to send
> SETTINGS immediately. Whether these bytes appear before Finished or not
> only affects endpoints that aren't inclined to wait for SETTINGS. This is
>

Re: [TLS] invariant or not: one TLS connection per TCP connection?

2020-07-08 Thread Eric Rescorla
On Wed, Jul 8, 2020 at 3:59 AM Benjamin Kaduk wrote:
> Hi all,
>
> There's an interesting note in draft-ietf-nfsv4-rpc-tls-08 (currently
> in IESG Evaluation):
>
>    The protocol convention specified in the current document assumes
>    there can be no more than one concurrent TLS session per TC

[TLS] invariant or not: one TLS connection per TCP connection?

2020-07-08 Thread Benjamin Kaduk
Hi all, There's an interesting note in draft-ietf-nfsv4-rpc-tls-08 (currently in IESG Evaluation): The protocol convention specified in the current document assumes there can be no more than one concurrent TLS session per TCP connection. This is true of current generations of TLS, but m

Re: [TLS] Review of draft-ietf-tls-external-psk-guidance-00

2020-07-08 Thread Mohit Sethi M
Hi Jim,
On 7/6/20 7:06 PM, Jim Schaad wrote:
-Original Message-
From: Mohit Sethi M
Sent: Monday, July 6, 2020 3:10 AM
To: Jim Schaad; draft-ietf-tls-external-psk-guida...@ietf.org
Cc: tls