Re: ALPN support for GnuTLS connections
From: Eric Marsden
Subject: Re: ALPN support for GnuTLS connections
Date: Thu, 31 Oct 2024 14:31:22 +0100
User-agent: Mozilla Thunderbird
On 22/10/2024 07:38, Richard Stallman wrote:
> > For a service provider who makes it possible to access PostgreSQL
> > over the internet, there are many benefits to the new ALPN-based
> > mechanism, such as allowing the use of commercial “TLS gateways”
> > (that do no application-level processing) as entrypoints to their
> > network. I expect that over time, an increasing proportion of
> > internet services will require ALPN.
>
> What is a TLS gateway, and what would a usage scenario look like?
> Who would choose to use one -- would it be the server, or the client?
> In particular, if you are running your own server and you could set up
> whatever network access methods you like, why would someone use a
> "gateway" to talk with your server? And presuming a decision to do
> that, why would someone want to use a "commercial" one?
(This is a little tangential to the relevance of ALPN to Emacs when operating
as a TLS client; the main argument in favour in my view is the RFC “shall
implement” requirement for ALPN that I mentioned previously, and the fact that
some application protocols require ALPN. I will try to answer your question as
best I can, but I’m not an expert on this topic.)

TLS gateways are more often called application gateways: a type of server used
by service providers to dispatch requests originating from the outside network
to a suitable backend server. They implement functionality such as load
balancing and request filtering, and they often terminate TLS connections (this
offloads expensive cryptographic processing from the backend servers, and
centralizes the management of TLS certificates and access control rules). They
are used by organizations that run large numbers of servers, as well as by small
service providers who use “cloud” computing, where some types of services and
features are implemented by application gateways.

My reason for mentioning this concerning Emacs’ ALPN support is that when Emacs
establishes network connections as a client, the other end will often be a
TLS-terminating application gateway. These gateways will, I believe, expand
their use of ALPN in the future.
Eric
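
Added example (not part of the original message, and not code from Emacs, GnuTLS or PostgreSQL): a sketch of how a gateway can dispatch on ALPN alone, by reading the RFC 7301 protocol name list from the ClientHello without parsing any application protocol. The routing table, backend addresses and the `sample_hello` builder are assumptions made for illustration; the handshake bytes are constructed.

```python
import struct

ALPN_EXT = 16  # application_layer_protocol_negotiation, RFC 7301
# Hypothetical routing table (assumed names and addresses, not from the post).
BACKENDS = {b"postgresql": ("10.0.0.5", 5432), b"h2": ("10.0.0.6", 8443)}

def parse_name_list(data: bytes) -> list:
    """Decode a ProtocolNameList: 2-byte length, then 1-byte-length names."""
    if len(data) < 2 or int.from_bytes(data[:2], "big") != len(data) - 2:
        raise ValueError("bad ProtocolNameList length")
    names, pos = [], 2
    while pos < len(data):
        n = data[pos]
        if n == 0 or pos + 1 + n > len(data):
            raise ValueError("bad ProtocolName")
        names.append(data[pos + 1:pos + 1 + n])
        pos += 1 + n
    return names

def alpn_names(hello: bytes) -> list:
    """Return the ALPN names offered in a ClientHello handshake message."""
    try:
        if hello[0] != 1:
            raise ValueError("not a ClientHello")
        body = hello[4:4 + int.from_bytes(hello[1:4], "big")]
        pos = 35 + body[34]          # version(2) + random(32) + session_id
        pos += 2 + int.from_bytes(body[pos:pos + 2], "big")  # cipher_suites
        pos += 1 + body[pos]                                 # compression_methods
        end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", body, pos)
            pos += 4
            if ext_type == ALPN_EXT:
                return parse_name_list(body[pos:pos + ext_len])
            pos += ext_len
        return []
    except (IndexError, struct.error):
        raise ValueError("truncated ClientHello") from None

def route(hello: bytes):  # first offered protocol the gateway knows, else None
    return next((BACKENDS[n] for n in alpn_names(hello) if n in BACKENDS), None)

def sample_hello(protocols) -> bytes:  # constructed minimal ClientHello
    plist = b"".join(bytes([len(p)]) + p for p in protocols)
    alpn = struct.pack("!HHH", ALPN_EXT, len(plist) + 2, len(plist)) + plist
    exts = b"\xff\x01\x00\x01\x00" + (alpn if protocols else b"")
    body = b"\x03\x03" + bytes(32) + b"\x00\x00\x02\x13\x01\x01\x00"
    body += struct.pack("!H", len(exts)) + exts
    return b"\x01" + len(body).to_bytes(3, "big") + body
```

A client that offers no ALPN extension gets `None` from `route`, which is the case a gateway requiring ALPN would refuse.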