TLS Mapping for Scalability Protocols
<date month="March" year="2014" />
<t>This document defines the mapping for scalability protocols (SP)
running on top of Transport Layer Security (TLS) v1.2 on top of TCP.</t>
<section title = "Underlying protocol">
<t>This mapping should be layered directly on top of
<xref target='TLS'>TLS</xref> secured
connections. While it is possible to use TLS on top of other
transports, this document specifically concerns itself with TLS
running on top of <xref target='TCP'>TCP</xref>.</t>
<t>Other combinations may be contemplated,
and should follow the same details as discussed here.</t>
<t>As when running SP over TCP directly, the TCP port number is
determined by the application or user.</t>
<t>This mapping follows the details of
<xref target='SPoverTCP'>SP over TCP</xref>.</t>
<section title="Connection initiation">
<t>An initial connection is first established using TCP, followed by
a TLS handshake. This handshake establishes the security parameters
of the connection, including negotiation of cipher suites, exchanging
keys, and possibly performing one-way or two-way authentication.</t>
<t>The specific details of the TLS negotiation are determined by the
application(s) involved, and are not specified here. This includes
selection of the specific version of TLS or possibly falling back to
SSL version 3 (but not SSL version 1 or 2).</t>
<t>TLS presents an encrypted channel that may be treated as a full duplex
byte stream between peers. This mapping sits within that channel.</t>
<t>Note also that TLS peers may rekey periodically. This happens
without involving the upper protocol, and the details need not concern
us here.</t>
<t>Once the TLS layer connection has been established, the communication
commences as detailed in <xref target='SPoverTCP'>SPoverTCP</xref>.
This includes the exchange of the initial protocol headers identifying
the version of SP in use, and the specific protocol type, as well as
requirements to disconnect upon receipt of an invalid
protocol header or an unrecognized SP version.</t>
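<t>The sequence above (TCP connect, TLS handshake, SP header exchange,
disconnect on a bad header or version) as an added example; it is not
part of this specification or of any SP implementation. The 8-byte
header layout, the version value 0, the rejection of a non-zero reserved
field, and the TLS 1.2 floor are assumptions of the example; the
normative header definition is in SP over TCP.</t>

```python
import socket
import ssl
import struct

SP_VERSION = 0            # assumed version byte, per SP over TCP
HEADER_FMT = "!B2sBHH"    # 0x00, "SP", version, type, reserved (8 bytes)

class SPHeaderError(Exception):
    """Invalid protocol header or unrecognized SP version."""

def make_client_context():
    # Example policy: floor at TLS v1.2, which also excludes SSLv2.
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def build_header(proto_type):
    return struct.pack(HEADER_FMT, 0, b"SP", SP_VERSION, proto_type, 0)

def read_exact(stream, n):
    # A byte stream may deliver the header in pieces; loop until complete.
    buf = b""
    while len(buf) != n:
        chunk = stream.recv(n - len(buf))
        if not chunk:
            raise SPHeaderError("peer closed before a full header arrived")
        buf += chunk
    return buf

def sp_handshake(stream, local_type):
    """Exchange SP headers on an established byte stream; return peer type."""
    try:
        stream.sendall(build_header(local_type))
        raw = read_exact(stream, struct.calcsize(HEADER_FMT))
        zero, magic, version, peer_type, reserved = struct.unpack(HEADER_FMT, raw)
        if zero != 0 or magic != b"SP" or reserved != 0:
            raise SPHeaderError("invalid protocol header")
        if version != SP_VERSION:
            raise SPHeaderError("unrecognized SP version %d" % version)
    except SPHeaderError:
        stream.close()    # disconnect, as the mapping requires
        raise
    return peer_type

def connect(host, port, local_type):
    # Order from the text: TCP connect, TLS handshake, then SP headers.
    tcp = socket.create_connection((host, port))
    tls = make_client_context().wrap_socket(tcp, server_hostname=host)
    return tls, sp_handshake(tls, local_type)
```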
<section anchor="IANA" title="IANA Considerations">
<t>This memo includes no request to IANA.</t>
<section anchor="Security" title="Security Considerations">
<t>Security considerations are explored in depth as part of
<xref target='TLS'>TLS</xref>. This document does not provide
any further implications beyond those in TLS itself.</t>
<t>The use of SSLv2 is explicitly <xref target='RFC6176'>forbidden</xref>,
as SSLv2 contains known weaknesses.</t>
