[Docs] [txt|pdf|xml|html] [Tracker] [Email] [Diff1] [Diff2] [Nits]

Versions: 00 01 02 03 04

Network Working Group                                         A. Langley
Internet-Draft                                                Google Inc
Expires: February 19, 2011                               August 18, 2010


   Transport Layer Security (TLS) Next Protocol Negotiation Extension
                     draft-agl-tls-nextprotoneg-01

Abstract

   This document describes a Transport Layer Security (TLS) extension
   for application layer protocol negotiation.  This allows the
   application layer to negotiate which protocol should be performed
   over the secure connection.

Status of this Memo

   This Internet-Draft is submitted to IETF in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on February 19, 2011.

Copyright Notice

   Copyright (c) 2010 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect



Langley                 Expires February 19, 2011               [Page 1]

Internet-Draft        TLS Next Protocol Negotiation          August 2010


   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the BSD License.


Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
   2.  Requirements Notation  . . . . . . . . . . . . . . . . . . . .  4
   3.  Next Protocol Negotiation Extension  . . . . . . . . . . . . .  5
   4.  Security considerations  . . . . . . . . . . . . . . . . . . .  6
   5.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . .  7
   6.  Acknowledgements . . . . . . . . . . . . . . . . . . . . . . .  8
   7.  References . . . . . . . . . . . . . . . . . . . . . . . . . .  9
     7.1.  Normative References . . . . . . . . . . . . . . . . . . .  9
     7.2.  Informative References . . . . . . . . . . . . . . . . . .  9
   Appendix A.  Changes . . . . . . . . . . . . . . . . . . . . . . . 10
   Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 11
































Langley                 Expires February 19, 2011               [Page 2]

Internet-Draft        TLS Next Protocol Negotiation          August 2010


1.  Introduction

   As the Internet has evolved, it has become commonplace for hosts to
   initiate connections based on untrusted and possibly hostile data.
   HTTP [RFC2616] clients are currently the most widespread example of
   this as they will fetch URLs based on the contents of untrusted
   webpages.

   Any time that a connection is initiated based on untrusted data there
   is the possibility of a cross-protocol attack.  If the attacker can
   control the contents of the connection in any way (for example, the
   requested URL in an HTTP connection) they may be able to encode a
   valid message in another protocol.  The connecting host believes that
   it is speaking one protocol but the server understands it to be
   another.  The application of Postel's Law exacerbates the issue as
   many servers will permit gross violations of the expected protocol in
   order to achieve maximum compatibility with clients.

   The WebSockets [websockets] protocol seeks to allow low-latency,
   full-duplex communication between browsers and HTTP servers.
   However, it also permits an unprecedented amount of attacker control
   over the contents of the connection.  In order to prevent cross-
   protocol attacks, a mechanism to assure that both client and server
   are speaking the same protocol is required.  To this end, Next
   Protocol Negotiation extends the TLS [RFC5246] handshake to permit
   both parties to agree on their intended protocol.

























Langley                 Expires February 19, 2011               [Page 3]

Internet-Draft        TLS Next Protocol Negotiation          August 2010


2.  Requirements Notation

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].














































Langley                 Expires February 19, 2011               [Page 4]

Internet-Draft        TLS Next Protocol Negotiation          August 2010


3.  Next Protocol Negotiation Extension

   A new extension type ("next_protocol_negotiation(TBD)") is defined
   and MAY be included by the client in its "ClientHello" message.  If,
   and only if, the server sees this extension in the "ClientHello", it
   MAY choose to include the extension in its "ServerHello".

   enum {
     next_protocol_negotiation(TBD), (65535)
   } ExtensionType;

   A new handshake message type ("next_protocol(TBD)") is defined.  If,
   and only if, the server included a "next_protocol_negotiation"
   extension in its ServerHello message, the client MUST send a
   "NextProtocol" message after its "ChangeCipherSpec" and before its
   "Finished" message.

   struct {
     opaque selected_protocol<0..255>;
     opaque padding<0..255>;
   } NextProtocol;

   The "extension_data" field of a "next_protocol_negotiation" in a
   "ClientHello" MUST be empty.

   The "extension_data" field in a "ServerHello" and the "NextProtocol"
   message contain opaque bytes to be used by the application layer to
   negotiate the application layer protocol.  The format of this data is
   not specified in this draft.

   Unlike many other TLS extensions, this extension does not establish
   properties of the session, only of the connection.  When session
   resumption or session tickets [RFC5077] are used, the previous
   contents of this extension are irrelevent and only the values in the
   new handshake messages are considered.

   For the same reasons, after a handshake has been performed for a
   given connection, renegotiations on the same connection MUST NOT
   include the "next_protocol_negotiation" extension.












Langley                 Expires February 19, 2011               [Page 5]

Internet-Draft        TLS Next Protocol Negotiation          August 2010


4.  Security considerations

   The server's list of supported protocols is still advertised in the
   clear with this extension.  This may be undesirable for certain
   protocols (such as Tor [tor]) where one could imagine that hostile
   networks would terminate any TLS connection with a server that
   advertised such a capability.  In this case, clients may wish to
   opportunistically select a protocol that wasn't advertised by the
   server.  However, the workings of such a scheme are outside the scope
   of this document.









































Langley                 Expires February 19, 2011               [Page 6]

Internet-Draft        TLS Next Protocol Negotiation          August 2010


5.  IANA Considerations

   This document requires IANA to update its registry of TLS extensions
   to assign an entry, referred herein as "next_protocol_negotiation".

   This document also requires IANA to update its registry of TLS
   handshake types to assign an entry, referred herein as
   "next_protocol".











































Langley                 Expires February 19, 2011               [Page 7]

Internet-Draft        TLS Next Protocol Negotiation          August 2010


6.  Acknowledgements

   This document benefitted specifically from discussions with Wan-Teh
   Chang and Nagendra Modadugu.















































Langley                 Expires February 19, 2011               [Page 8]

Internet-Draft        TLS Next Protocol Negotiation          August 2010


7.  References

7.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC2616]  Fielding, R., Gettys, J., Mogul, J., Frystyk, H.,
              Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext
              Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999.

   [RFC5077]  Salowey, J., Zhou, H., Eronen, P., and H. Tschofenig,
              "Transport Layer Security (TLS) Session Resumption without
              Server-Side State", RFC 5077, January 2008.

   [RFC5246]  Dierks, T. and E. Rescorla, "The Transport Layer Security
              (TLS) Protocol Version 1.2", RFC 5246, August 2008.

7.2.  Informative References

   [websockets]
              Hickson, I., "The Web Socket protocol", Internet Draft
              (work in progress), October 2009.

   [tor]      Dingledine, R., Matthewson, N., and P. Syverson, "Tor: The
              Second-Generation Onion Router", August 2004.

























Langley                 Expires February 19, 2011               [Page 9]

Internet-Draft        TLS Next Protocol Negotiation          August 2010


Appendix A.  Changes

   To be removed by RFC Editor before publication
















































Langley                 Expires February 19, 2011              [Page 10]

Internet-Draft        TLS Next Protocol Negotiation          August 2010


Author's Address

   Adam Langley
   Google Inc

   Email: agl@google.com













































Langley                 Expires February 19, 2011              [Page 11]


Html markup produced by rfcmarkup 1.108, available from http://tools.ietf.org/tools/rfcmarkup/