emacs-devel

Re: ALPN support for GnuTLS connections


From: Eric Marsden
Subject: Re: ALPN support for GnuTLS connections
Date: Thu, 31 Oct 2024 14:31:22 +0100
User-agent: Mozilla Thunderbird

On 22/10/2024 07:38, Richard Stallman wrote:
   > For a service provider who makes it possible to access PostgreSQL
   > over the internet, there are many benefits to the new ALPN-based mechanism, such
   > as allowing the use of commercial “TLS gateways” (that do no application-level
   > processing) as entrypoints to their network. I expect that over time, an
   > increasing proportion of internet services will require ALPN.

What is a TLS gateway, and what would a usage scenario look like?
Who would choose to use one -- would it be the server, or the client?

In particular, if you are running your own server and you could set up
whatever network access methods you like, why would someone use a
"gateway" to talk with your server?  And presuming a decision to do
that, why would someone want to use a "commercial" one?

(This is a little tangential to the relevance of ALPN to Emacs when operating as a
TLS client; the main argument in favour in my view is the RFC “shall implement”
requirement for ALPN that I mentioned previously, and the fact that some application
protocols require ALPN. I will try to answer your question as best I can, but I’m not
an expert on this topic.)

TLS gateways are more often called application gateways: a type of server used by
service providers to dispatch requests originating from the outside network to a
suitable backend server. They implement functionality such as load balancing and
request filtering, and they often terminate TLS connections (this offloads expensive
cryptographic processing from the backend servers, and centralizes the management of
TLS certificates and access control rules). They are used by organizations that run
large numbers of servers, as well as by small service providers who use “cloud”
computing, where some types of services and features are implemented by application
gateways.

My reason for mentioning this concerning Emacs’ ALPN support is that when Emacs
establishes network connections as a client, the other end will often be a
TLS-terminating application gateway. These gateways will, I believe, expand their use
of ALPN in the future.

Eric
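
An added example, not part of the original message: a sketch of how a gateway that does no application-level processing can choose a backend from the ALPN extension (RFC 7301) of the ClientHello alone. The backend names and the sample ClientHello builder are constructed for illustration, the ClientHello is assumed to fit in one TLS record, and `postgresql` is the ALPN ID PostgreSQL uses for direct TLS connections.

```python
import struct

ALPN_EXT = 16  # ALPN extension type (RFC 7301)
# Hypothetical backends, keyed by ALPN protocol ID.
ROUTES = {"postgresql": "pg-backend:5432", "h2": "web-backend:8443"}

def build_client_hello(protocols):
    """Constructed sample: a minimal ClientHello whose only extension is ALPN."""
    plist = b"".join(bytes([len(p)]) + p for p in protocols)
    alpn = struct.pack("!HHH", ALPN_EXT, len(plist) + 2, len(plist)) + plist
    body = (b"\x03\x03" + bytes(32)      # legacy version, random (zeros here)
            + b"\x00"                    # empty session id
            + b"\x00\x02\x13\x01"        # one cipher suite
            + b"\x01\x00"                # null compression
            + struct.pack("!H", len(alpn)) + alpn)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def alpn_protocols(record):
    """Return the ALPN IDs offered in a ClientHello record ([] if none)."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS ClientHello")
    end = 5 + struct.unpack("!H", record[3:5])[0]
    if end > len(record):
        raise ValueError("truncated record")
    data = record[:end]
    try:
        pos = 9 + 2 + 32                 # headers, version, random
        pos += 1 + data[pos]             # session id
        pos += 2 + struct.unpack("!H", data[pos:pos + 2])[0]  # cipher suites
        pos += 1 + data[pos]             # compression methods
        pos += 2                         # extensions length
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", data[pos:pos + 4])
            pos += 4
            if etype == ALPN_EXT:
                names, p = [], pos + 2   # skip the list length
                while p < pos + elen:
                    names.append(data[p + 1:p + 1 + data[p]].decode("ascii", "replace"))
                    p += 1 + data[p]
                return names
            pos += elen
    except (IndexError, struct.error):
        raise ValueError("malformed ClientHello")
    return []

def route(record):
    # ALPN is client-asserted and unauthenticated: a routing hint, not access control.
    return next((ROUTES[n] for n in alpn_protocols(record) if n in ROUTES), None)
```

A client that sends no ALPN extension gives such a gateway nothing to dispatch on, so `route` returns `None` for it.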



