Hi Ekr,

As Sara wrote, the spec had ALPN. The WG consensus during the IETF 108
meeting was very strong to take it out, including quite strong statements
from you along the lines that distinguishing between XoT and DOT was an
incorrect usage of ALPN.

I understand that the perspective changed since IETF 108 (that WG discussion
was at the end of July 2020) and that communications were not wide enough
for us to know about it in March when the WG moved the draft to WGLC,
Directorates Review, and IETF LC.

On Thu, Apr 29, 2021 at 14:25 Eric Rescorla <e...@rtfm.com> wrote:

> Probably not, but I agree with MT.
>
> The general idea here is that any given protocol trace should only be
> interpretable in one way. So, either you need the interior protocol to be
> self-describing or you need to separate the domains with ALPN. I don't
> believe that either the IP ACL or mTLS addresses this issue, and in fact
> arguably mTLS makes the problem worse because it provides authenticated
> protocol traces which might be usable for cross-protocol attacks.
>
> -Ekr
>
>
> On Thu, Apr 29, 2021 at 7:26 AM Salz, Rich <rsalz=
> 40akamai....@dmarc.ietf.org> wrote:
>
>>> No new protocol should use TLS without ALPN.  It only opens space
>>> for cross-protocol attacks.  Did the working group consider this
>>> possibility in their discussions?
>>
>> I don't believe that message has been made as public as it should be.
>>
>> _______________________________________________
>> dns-privacy mailing list
>> dns-priv...@ietf.org
>> https://www.ietf.org/mailman/listinfo/dns-privacy
>>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>