[TLS] Server name extension extensibility problem
Hi,
The server_name extension contains a ServerNameList, where:

    struct {
        NameType name_type;
        select (name_type) {
            case host_name: HostName;
        } name;
    } ServerName;

    enum {
        host_name(0), (255)
    } NameType;

    opaque HostName<1..2^16-1>;

    struct {
        ServerName server_name_list<1..2^16-1>;
    } ServerNameList;
The text states that this may be extended in the future to
other name types, but I don't think that would be possible.
Suppose you were to add a new NameType and define a new
structure to hold the name. Software that doesn't know
about the new name type won't know how to skip past it
while parsing the server_name_list, since ServerName is
currently only fully specified for a host_name.
I suppose you could restrict server_name_list to list the
ServerNames in order (host_name first, then the next-
defined name type, and so on), so software could simply
stop decoding once it encounters a type it doesn't know
about, but it's probably too late to do that since there
is already an installed base.
Mike
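The parsing problem the post describes, as an added example that is not part of the original message. The wire layout follows RFC 6066 (2-byte list length, then per entry a 1-byte NameType and, for host_name, a 2-byte HostName length and the bytes). NEW_TYPE = 1 and its 1-byte length prefix are assumptions made up here to stand in for some future name type; no RFC defines them. The sample lists are constructed inline.

```python
import struct

HOST_NAME = 0  # NameType.host_name, RFC 6066
NEW_TYPE = 1   # hypothetical future NameType; assumption, not defined by any RFC


def encode_host_name(name: bytes) -> bytes:
    """ServerName with name_type=host_name: type byte + 2-byte length + bytes."""
    return bytes([HOST_NAME]) + struct.pack("!H", len(name)) + name


def encode_new_type(payload: bytes) -> bytes:
    """Hypothetical ServerName for NEW_TYPE, assumed here to carry a 1-byte
    length prefix.  A legacy parser has no way to know this layout."""
    return bytes([NEW_TYPE, len(payload)]) + payload


def encode_server_name_list(entries) -> bytes:
    """ServerNameList: 2-byte length of the concatenated ServerName entries."""
    body = b"".join(entries)
    return struct.pack("!H", len(body)) + body


def parse_server_name_list(ext_data: bytes, stop_at_unknown: bool = False):
    """Legacy parser that knows only host_name.

    Returns (names, unparsed_tail).  ServerName has no length field of its own,
    so on an unknown NameType the parser can only raise (strict mode) or, with
    stop_at_unknown, hand back what it decoded so far plus the bytes it cannot
    interpret.
    """
    if len(ext_data) < 2:
        raise ValueError("truncated ServerNameList length")
    (list_len,) = struct.unpack("!H", ext_data[:2])
    end = 2 + list_len
    if list_len < 1 or end != len(ext_data):
        raise ValueError("bad ServerNameList length")
    names = []
    pos = 2
    while pos < end:
        name_type = ext_data[pos]
        if name_type != HOST_NAME:
            # Nothing on the wire says how long this entry is, so it cannot be skipped.
            if stop_at_unknown:
                return names, ext_data[pos:end]
            raise ValueError(f"unknown NameType {name_type}: cannot skip")
        pos += 1
        if pos + 2 > end:
            raise ValueError("truncated HostName length")
        (n,) = struct.unpack("!H", ext_data[pos:pos + 2])
        pos += 2
        if n < 1 or pos + n > end:
            raise ValueError("bad HostName length")
        names.append((HOST_NAME, ext_data[pos:pos + n]))
        pos += n
    return names, b""


def demo_unknown_first():
    """New type listed before host_name: the legacy parser loses the host name
    whether it is strict or lenient."""
    ext = encode_server_name_list([encode_new_type(b"\x01\x02\x03"),
                                   encode_host_name(b"example.com")])
    try:
        parse_server_name_list(ext)
        strict_ok = True
    except ValueError:
        strict_ok = False
    names, tail = parse_server_name_list(ext, stop_at_unknown=True)
    return strict_ok, [n for _, n in names], tail


def demo_known_first():
    """Ordering rule the post floats: host_name first, newer types after it,
    so a lenient legacy parser still recovers the host name."""
    ext = encode_server_name_list([encode_host_name(b"example.com"),
                                   encode_new_type(b"\x01\x02\x03")])
    names, tail = parse_server_name_list(ext, stop_at_unknown=True)
    return [n for _, n in names], tail


if __name__ == "__main__":
    print(demo_unknown_first())
    print(demo_known_first())
```

The two demos make the post's point concrete: with the unknown entry first, even a lenient parser returns no host name because it cannot find where the unknown entry ends; with host_name first, stopping at the first unknown type is enough to keep the existing behaviour.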
_______________________________________________
TLS mailing list
TLS at ietf.org
https://www.ietf.org/mailman/listinfo/tls