rfc/sp-tls-mapping-01.txt - third_party/nanomsg - Git at Google



 Internet Engineering Task Force                          G. D'Amore, Ed.
 Internet-Draft
 Intended status: Informational                            March 27, 2014
 Expires: September 28, 2014


                  TLS Mapping for Scalability Protocols
                            sp-tls-mapping-01

 Abstract

    This document defines the mapping for scalability protocols (SP)
    running on top of Transport Layer Security (TLS) v1.2 on top of TCP.

 Status of This Memo

    This Internet-Draft is submitted in full conformance with the
    provisions of BCP 78 and BCP 79.

    Internet-Drafts are working documents of the Internet Engineering
    Task Force (IETF).  Note that other groups may also distribute
    working documents as Internet-Drafts.  The list of current Internet-
    Drafts is at http://datatracker.ietf.org/drafts/current/.

    Internet-Drafts are draft documents valid for a maximum of six months
    and may be updated, replaced, or obsoleted by other documents at any
    time.  It is inappropriate to use Internet-Drafts as reference
    material or to cite them other than as "work in progress."

    This Internet-Draft will expire on September 28, 2014.

 Copyright Notice

    Copyright (c) 2014 IETF Trust and the persons identified as the
    document authors.  All rights reserved.

    This document is subject to BCP 78 and the IETF Trust's Legal
    Provisions Relating to IETF Documents
    (http://trustee.ietf.org/license-info) in effect on the date of
    publication of this document.  Please review these documents
    carefully, as they describe your rights and restrictions with respect
    to this document.  Code Components extracted from this document must
    include Simplified BSD License text as described in Section 4.e of
    the Trust Legal Provisions and are provided without warranty as
    described in the Simplified BSD License.


 D'Amore                Expires September 28, 2014               [Page 1]

 Internet-Draft           TLS/TCP mapping for SPs              March 2014


 1.  Underlying protocol

    This mapping should be layered directly on the top of TLS [TLS]
    secured connections.  While it is possible to use TLS on top of other
    transports, this document specifically concerns itself with TLS
    running on top of TCP [TCP].

    Other combinations may be contemplated, and should follow the same
    details as discussed here.

    As when running SP over TCP directly, the TCP port number is
    determined by the application or user.

    This mapping follows the details of SP over TCP [SPoverTCP].

 2.  Connection initiation

    An initial connection is first established using TCP, then performing
    a TLS handshake.  This handshake establishes the security parameters
    of the connection, including negotiation of cipher suites, exchanging
    keys, and possibly performing one or two-way authentication.

    The specific details of the TLS negotiation are determined by the
    application(s) involved, and are not specified here.  This includes
    selection of the specific version of TLS or possibly falling back to
    SSL version 3 (but not SSL version 1 or 2).

    TLS presents an encrypted channel that may be treated as a full
    duplex byte stream between peers.  This mapping sits within that
    channel.

    Note also that TLS peers may rekey periodically.  This happens in the
    without involving the upper protocol, and the details need not
    concern us here.

    Once the TLS layer connection has been established, the communication
    commences as detailed in SPoverTCP [SPoverTCP].  This includes the
    exchange of the initial protocol headers identifying the version of
    SP in use, and the specific protocol type, as well as requirements to
    disconnect upon receipt of an invalid protocol header or an
    unrecognized SP version.

 3.  IANA Considerations

    This memo includes no request to IANA.


 D'Amore                Expires September 28, 2014               [Page 2]

 Internet-Draft           TLS/TCP mapping for SPs              March 2014


 4.  Security Considerations

    Security considerations are explored in depth as part of TLS [TLS].
    This document does not provide any further implications beyond that
    in TLS itself.

    The use of SSLv2 is explicitly forbidden [RFC6176], as SSLv2 contains
    known weaknesses.

 5.  References

    [TCP]      Postel, J., "Transmission Control Protocol", STD 7, RFC
               793, September 1981.

    [TLS]      Dierks, T. and E. Rescorla, "The Transport Layer Security
               (TLS) Protocol Version 1.2", RFC 5246, August 2008.

    [RFC6176]  Turner, S. and T. Polk, "Prohibiting Secure Sockets Layer
               (SSL) Version 2.0", RFC 6176, March 2011.

    [SPoverTCP]
               Sustrik, M., "TCP mapping for SPs", August 2013.

 Author's Address

    Garrett D'Amore (editor)

    Email: garrett@damore.org


 D'Amore                Expires September 28, 2014               [Page 3]




	Internet Engineering Task Force G. D'Amore, Ed.
	Internet-Draft
	Intended status: Informational March 27, 2014
	Expires: September 28, 2014


	TLS Mapping for Scalability Protocols
	sp-tls-mapping-01

	Abstract

	This document defines the mapping for scalability protocols (SP)
	running on top of Transport Layer Security (TLS) v1.2 on top of TCP.

	Status of This Memo

	This Internet-Draft is submitted in full conformance with the
	provisions of BCP 78 and BCP 79.

	Internet-Drafts are working documents of the Internet Engineering
	Task Force (IETF). Note that other groups may also distribute
	working documents as Internet-Drafts. The list of current Internet-
	Drafts is at http://datatracker.ietf.org/drafts/current/.

	Internet-Drafts are draft documents valid for a maximum of six months
	and may be updated, replaced, or obsoleted by other documents at any
	time. It is inappropriate to use Internet-Drafts as reference
	material or to cite them other than as "work in progress."

	This Internet-Draft will expire on September 28, 2014.

	Copyright Notice

	Copyright (c) 2014 IETF Trust and the persons identified as the
	document authors. All rights reserved.

	This document is subject to BCP 78 and the IETF Trust's Legal
	Provisions Relating to IETF Documents
	(http://trustee.ietf.org/license-info) in effect on the date of
	publication of this document. Please review these documents
	carefully, as they describe your rights and restrictions with respect
	to this document. Code Components extracted from this document must
	include Simplified BSD License text as described in Section 4.e of
	the Trust Legal Provisions and are provided without warranty as
	described in the Simplified BSD License.






	D'Amore Expires September 28, 2014 [Page 1]

	Internet-Draft TLS/TCP mapping for SPs March 2014


	1. Underlying protocol

	This mapping should be layered directly on the top of TLS [TLS]
	secured connections. While it is possible to use TLS on top of other
	transports, this document specifically concerns itself with TLS
	running on top of TCP [TCP].

	Other combinations may be contemplated, and should follow the same
	details as discussed here.

	As when running SP over TCP directly, the TCP port number is
	determined by the application or user.

	This mapping follows the details of SP over TCP [SPoverTCP].

	2. Connection initiation

	An initial connection is first established using TCP, then performing
	a TLS handshake. This handshake establishes the security parameters
	of the connection, including negotiation of cipher suites, exchanging
	keys, and possibly performing one or two-way authentication.

	The specific details of the TLS negotiation are determined by the
	application(s) involved, and are not specified here. This includes
	selection of the specific version of TLS or possibly falling back to
	SSL version 3 (but not SSL version 1 or 2).

	TLS presents an encrypted channel that may be treated as a full
	duplex byte stream between peers. This mapping sits within that
	channel.

	Note also that TLS peers may rekey periodically. This happens in the
	without involving the upper protocol, and the details need not
	concern us here.

	Once the TLS layer connection has been established, the communication
	commences as detailed in SPoverTCP [SPoverTCP]. This includes the
	exchange of the initial protocol headers identifying the version of
	SP in use, and the specific protocol type, as well as requirements to
	disconnect upon receipt of an invalid protocol header or an
	unrecognized SP version.

	3. IANA Considerations

	This memo includes no request to IANA.






	D'Amore Expires September 28, 2014 [Page 2]

	Internet-Draft TLS/TCP mapping for SPs March 2014


	4. Security Considerations

	Security considerations are explored in depth as part of TLS [TLS].
	This document does not provide any further implications beyond that
	in TLS itself.

	The use of SSLv2 is explicitly forbidden [RFC6176], as SSLv2 contains
	known weaknesses.

	5. References

	[TCP] Postel, J., "Transmission Control Protocol", STD 7, RFC
	793, September 1981.

	[TLS] Dierks, T. and E. Rescorla, "The Transport Layer Security
	(TLS) Protocol Version 1.2", RFC 5246, August 2008.

	[RFC6176] Turner, S. and T. Polk, "Prohibiting Secure Sockets Layer
	(SSL) Version 2.0", RFC 6176, March 2011.

	[SPoverTCP]
	Sustrik, M., "TCP mapping for SPs", August 2013.

	Author's Address

	Garrett D'Amore (editor)

	Email: garrett@damore.org























	D'Amore Expires September 28, 2014 [Page 3]