Application-Layer Protocol Negotiation (ALPN) Labels for Session Traversal Utilities for NAT (STUN) Usages
RFC 7443
Yes
No Objection
Note: This ballot was opened for revision 07 and is now closed.
(Richard Barnes; former steering group member) Yes
The labels seem a bit long, considering that HTTP/2.0 has gotten slimmed down to h2. It seems worth mentioning in the security considerations the reason why this spec was developed, namely so that proxies intending to handle one type of TLS traffic (HTTPS) could get out of the way or shut down STUN/TLS flows that could cause bad consequences.
(Spencer Dawkins; former steering group member) (was Discuss, Yes) Yes
Amanda has confirmed that the IANA Designated Expert says this draft is good to go. I was holding a Discuss for IANA, and I'm now clearing.
(Adrian Farrel; former steering group member) No Objection
I'd forgotten how much I like short documents. Thanks! Abstract s/layer negotiate/layer to negotiate/
(Alissa Cooper; former steering group member) No Objection
(Barry Leiba; former steering group member) (was Discuss) No Objection
Section 2 is entirely unnecessary. I suggest adding the two citations to Section 3, and then removing Section 2. Simon, thanks for the most excellent shepherd writeup... short, and with exactly the right detail. ...and move to Informational.
(Benoît Claise; former steering group member) No Objection
(Brian Haberman; former steering group member) No Objection
(Jari Arkko; former steering group member) No Objection
(Kathleen Moriarty; former steering group member) No Objection
(Martin Stiemerling; former steering group member) No Objection
(Pete Resnick; former steering group member) No Objection
(Stephen Farrell; former steering group member) No Objection
I saw a comment at one stage in the discussion of this to the effect that TLS1.3 is aiming to hide the ALPN labels which are in clear in TLS1.2. I wasn't sure if that was considered problematic or not for folks interested in this spec. Do we now know? And might that be worth a mention somewhere as it could cause developers problems if they do assume that ALPN labels will be in clear for all time. (And there would I think be a reason for this spec to include that - I think the readership of this one is maybe likely to be less familiar with TLS internals, compared to e.g. HTTP devs. (But I could easily be wrong there.)
(Ted Lemon; former steering group member) No Objection